Vulnerability Summary for the Week of July 8, 2024 | CISA


Adobe–Bridge
  Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-09 7.8 CVE-2024-34139
psirt@adobe.com Adobe–InDesign Desktop
  InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-09 7.8 CVE-2024-20781
psirt@adobe.com Adobe–InDesign Desktop
  InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-09 7.8 CVE-2024-20782
psirt@adobe.com Adobe–InDesign Desktop
  InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-09 7.8 CVE-2024-20783
psirt@adobe.com Adobe–InDesign Desktop
  InDesign Desktop versions ID19.3, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2024-07-09 7.8 CVE-2024-20785
psirt@adobe.com Adobe–Premiere Pro
  Premiere Pro versions 23.6.5, 24.4.1 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur when the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction, and attack complexity is high. 2024-07-09 7 CVE-2024-34123
psirt@adobe.com Advanced File Manager–Advanced File Manager Shortcodes
  The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-07-10 8.8 CVE-2023-7061
security@wordfence.com Advanced File Manager–Advanced File Manager Shortcodes
  The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-07-10 8.8 CVE-2023-7062
security@wordfence.com airbytehq–airbyte
  Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2. 2024-07-09 8.5 CVE-2024-38363
security-advisories@github.com Ali2Woo Team–Ali2Woo Lite
  Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Team Ali2Woo Lite allows Cross-Site Scripting (XSS). This issue affects Ali2Woo Lite: from n/a through 3.3.9. 2024-07-12 7.1 CVE-2024-37213
audit@patchstack.com Andy Moyle–Church Admin
  Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server. This issue affects Church Admin: from n/a through 4.4.6. 2024-07-09 9.9 CVE-2024-37418
audit@patchstack.com anhvnit–Woocommerce OpenPos
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in anhvnit Woocommerce OpenPos. This issue affects Woocommerce OpenPos: from n/a through 6.4.4. 2024-07-12 9.3 CVE-2024-37933
audit@patchstack.com anhvnit–Woocommerce OpenPos
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation. This issue affects Woocommerce OpenPos: from n/a through 6.4.4. 2024-07-12 8.6 CVE-2024-37932
audit@patchstack.com ashanjay–EventON
  The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘eventon_import_settings’ ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including adding stored cross-site scripting to settings options displayed on event calendar pages. 2024-07-09 7.2 CVE-2024-6180
security@wordfence.com Automattic–Newspack Blocks
  Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server. This issue affects Newspack Blocks: from n/a through 3.0.8. 2024-07-09 9.9 CVE-2024-37424
audit@patchstack.com Automattic–Newspack Blocks
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks. This issue affects Newspack Blocks: from n/a through 3.0.8. 2024-07-10 7.5 CVE-2024-37115
audit@patchstack.com bitpressadmin–Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder
  The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘iconUpload’ function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-07-09 7.2 CVE-2024-6123
security@wordfence.com Booking Ultra Pro–Booking Ultra Pro
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Booking Ultra Pro allows PHP Local File Inclusion. This issue affects Booking Ultra Pro: from n/a through 1.1.13. 2024-07-12 7.1 CVE-2024-38717
audit@patchstack.com Brainstorm Force–Ultimate Addons for Elementor
  Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31. 2024-07-09 8.8 CVE-2024-37455
audit@patchstack.com Checkmk GmbH–Checkmk
  Incorrect permissions on the Checkmk Windows Agent’s data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges. 2024-07-10 8.8 CVE-2024-28827
security@checkmk.com Checkmk GmbH–Checkmk
  Cross-Site Request Forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromise of the site. 2024-07-10 8.8 CVE-2024-28828
security@checkmk.com code-projects–Simple Task List
  A vulnerability was found in code-projects Simple Task List 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginForm.php of the component Login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271060. 2024-07-11 7.3 CVE-2024-6653
cna@vuldb.com Codeless–Cowidgets Elementor Addons
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1. 2024-07-09 7.5 CVE-2024-37419
audit@patchstack.com codermy — my-springsecurity-plus
  my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. 2024-07-12 9.8 CVE-2024-40539
cve@mitre.org codermy — my-springsecurity-plus
  my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. 2024-07-12 9.8 CVE-2024-40540
cve@mitre.org codermy — my-springsecurity-plus
  my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. 2024-07-12 9.8 CVE-2024-40541
cve@mitre.org codermy — my-springsecurity-plus
  my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. 2024-07-12 9.8 CVE-2024-40542
cve@mitre.org Crocoblock–JetThemeCore
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Crocoblock JetThemeCore allows File Manipulation. This issue affects JetThemeCore: from n/a before 2.2.1. 2024-07-09 7.7 CVE-2024-37497
audit@patchstack.com deano1987–Advanced AJAX Page Loader
  The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the ‘admin_init_AAPL’ function and missing file type validation in the ‘AAPL_options_validate’ function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6310
security@wordfence.com decidim–decidim
  Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1. 2024-07-10 7.1 CVE-2024-32469
security-advisories@github.com Delta Electronics–CNCSoft-G2
  Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. 2024-07-09 7.8 CVE-2024-39880
ics-cert@hq.dhs.gov directus–directus
  Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a “helpful” error that the user belongs to another provider. This vulnerability is fixed in 10.13.0. 2024-07-08 7.5 CVE-2024-39896
security-advisories@github.com dlink — dir-823x_ax3000_firmware
  D-Link DIR-823X firmware – 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. 2024-07-08 8.8 CVE-2024-39202
cve@mitre.org docker — desktop
  In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 (https://docs.docker.com/desktop/release-notes/#4290) fixes the issue on macOS, Linux and Windows with Hyper-V backend. As exploitation requires “Allow only extensions distributed through the Docker Marketplace” to be disabled, Docker Desktop v4.31.0 (https://docs.docker.com/desktop/release-notes/#4310) additionally changes the default configuration to enable this setting by default. 2024-07-09 7 CVE-2024-6222
security@docker.com dwieeb–ScrollTo Bottom
  The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the ‘options_page’ function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6321
security@wordfence.com dwieeb–ScrollTo Top
  The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the ‘options_page’ function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6320
security@wordfence.com Dylan James–Zephyr Project Manager
  Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97. 2024-07-09 8.8 CVE-2024-37484
audit@patchstack.com e4jconnect — vikrentcar
  The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. 2024-07-11 8.8 CVE-2024-1845
contact@wpscan.com electron — electron-builder
  electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6. 2024-07-09 7.5 CVE-2024-39698
security-advisories@github.com embedded-solutions — freemodbus
  Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component. 2024-07-08 7.5 CVE-2024-31504
cve@mitre.org EVerest–everest-core
  EVerest is an EV charging software stack. An integer overflow in the “v2g_incoming_v2gtp” function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process’ heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0. 2024-07-10 9 CVE-2024-37310
security-advisories@github.com ExtremePacs–Extreme XDS
  Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928. 2024-07-08 7.2 CVE-2024-4341
iletisim@usom.gov.tr Favethemes–Houzez Theme – Functionality
  The Houzez Theme – Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-09 8.8 CVE-2024-5793
security@wordfence.com FOGProject–fogproject
  FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. 2024-07-12 9.8 CVE-2024-39914
security-advisories@github.com Fortinet–FortiADC
  An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. 2024-07-09 7.4 CVE-2023-50178
psirt@fortinet.com Fortinet–FortiAIOps
  Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. 2024-07-09 8.1 CVE-2024-27782
psirt@fortinet.com Fortinet–FortiAIOps
  Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. 2024-07-09 8.8 CVE-2024-27784
psirt@fortinet.com Fortinet–FortiAIOps
  Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. 2024-07-09 7.6 CVE-2024-27783
psirt@fortinet.com Fortinet–FortiExtender
  An improper access control in Fortinet FortiExtender 4.1.1 – 4.1.9, 4.2.0 – 4.2.6, 5.3.2, 7.0.0 – 7.0.4, 7.2.0 – 7.2.4 and 7.4.0 – 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. 2024-07-09 8.8 CVE-2024-23663
psirt@fortinet.com fullservices–FULL Cliente
  The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrative user accesses the wp-admin dashboard. 2024-07-11 7.2 CVE-2024-6447
security@wordfence.com G5Theme–Ultimate Bootstrap Elements for Elementor
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal. This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2. 2024-07-09 8.5 CVE-2024-37462
audit@patchstack.com genetechproducts–Registration Forms User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction
  The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result, attackers might achieve code execution on the targeted server. 2024-07-09 8.8 CVE-2024-6069
security@wordfence.com gitlab — gitlab
  An issue was discovered in GitLab CE/EE affecting all versions starting from 15.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows an attacker to trigger a pipeline as another user under certain circumstances. 2024-07-11 9.8 CVE-2024-6385
cve@gitlab.com glpi-project–glpi
  GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrade to 10.0.16. 2024-07-10 8.1 CVE-2024-37148
security-advisories@github.com glpi-project–glpi
  GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16. 2024-07-10 7.2 CVE-2024-37149
security-advisories@github.com Google–Android
  In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 8.4 CVE-2024-23695
security@android.com Google–Android
  In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 8.4 CVE-2024-23696
security@android.com Google–Android
  In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 8.4 CVE-2024-31319
security@android.com Google–Android
  In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 8.4 CVE-2024-31332
security@android.com Google–Android
  In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2023-21113
security@android.com Google–Android
  In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.3 CVE-2024-23697
security@android.com Google–Android
  In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-23698
security@android.com Google–Android
  In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-23711
security@android.com Google–Android
  In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-31316
security@android.com Google–Android
  In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-31317
security@android.com Google–Android
  In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.4 CVE-2024-31320
security@android.com Google–Android
  In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-31323
security@android.com Google–Android
  In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. 2024-07-09 7.8 CVE-2024-31324
security@android.com Google–Android
  In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. 2024-07-09 7.8 CVE-2024-31331
security@android.com Google–Android
  In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-31339
security@android.com Google–Android
  In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.4 CVE-2024-34720
security@android.com Google–Android
  In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.4 CVE-2024-34722
security@android.com Google–Android
  In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7 CVE-2024-34724
security@android.com Google–Android
  In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-07-09 7.8 CVE-2024-34726
security@android.com hackmdio–codimd
  CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4. 2024-07-10 8.1 CVE-2024-38354
security-advisories@github.com HashiCorp–Vault
  Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12. 2024-07-11 7.5 CVE-2024-6468
security@hashicorp.com hcltech — domino
  This vulnerability is being re-assessed. Vulnerability details will be updated. The security bulletin will be republished when further details are available. 2024-07-08 7.5 CVE-2024-23562
psirt@hcl.com Houzez–Houzez CRM
  The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes ‘belong_to’ parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-10 8.8 CVE-2024-5792
security@wordfence.com ibm — i
  IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. 2024-07-08 7.8 CVE-2024-38330
psirt@us.ibm.com IBM–MQ Operator
  IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169. 2024-07-08 8.1 CVE-2024-39742
psirt@us.ibm.com IBM–WebSphere Application Server
  IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641. 2024-07-09 7.2 CVE-2024-35154
psirt@us.ibm.com ifm–Smart PLC AC14xx Firmware
  An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. 2024-07-09 9.8 CVE-2024-28747
info@cert.vde.com ifm–Smart PLC AC14xx Firmware
  A high privileged remote attacker can enable telnet access that accepts hardcoded credentials. 2024-07-09 9.1 CVE-2024-28751
info@cert.vde.com ifm–Smart PLC AC14xx Firmware
  A remote attacker with high privileges may use a reading file function to inject OS commands. 2024-07-09 7.2 CVE-2024-28748
info@cert.vde.com ifm–Smart PLC AC14xx Firmware
  A remote attacker with high privileges may use a writing file function to inject OS commands. 2024-07-09 7.2 CVE-2024-28749
info@cert.vde.com ifm–Smart PLC AC14xx Firmware
  A remote attacker with high privileges may use a deleting file function to inject OS commands. 2024-07-09 7.2 CVE-2024-28750
info@cert.vde.com inspireui–MStore API Create Native Android & iOS Apps On The Cloud
  The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the ‘phone’ parameter of the ‘firebase_sms_login’ and ‘firebase_sms_login_v2’ functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number. Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled. 2024-07-12 9.8 CVE-2024-6328
security@wordfence.com instawp — instawp_connect
  The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery. 2024-07-11 9.8 CVE-2024-6397
security@wordfence.com IqbalRony–WP User Switch
  Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation. This issue affects WP User Switch: from n/a through 1.1.0. 2024-07-12 8 CVE-2024-37560
audit@patchstack.com isc — stork
  The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. 2024-07-11 8.1 CVE-2024-28872
security-officer@isc.org jevnet–Easy Pixels
  The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-07-09 7.2 CVE-2024-5479
security@wordfence.com Juniper Networks, Inc.–Junos OS
  An Improper Neutralization of Data within XPath Expressions (‘XPath Injection’) vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user’s credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2. 2024-07-10 8.8 CVE-2024-39565
sirt@juniper.net Juniper Networks–Junos OS
  A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning. This issue is only seen when telemetry subscription is active. The Heap memory utilization can be monitored using the following command:
    > show system processes extensive
  The following command can be used to monitor the memory utilization of the specific sensor:
    > show system info | match sensord
    PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME
    1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32
  This issue affects Junos OS:  * from 21.2R3-S5 before 21.2R3-S7,  * from 21.4R3-S4 before 21.4R3-S6,  * from 22.2R3 before 22.2R3-S4,  * from 22.3R2 before 22.3R3-S2,  * from 22.4R1 before 22.4R3,  * from 23.2R1 before 23.2R2. 2024-07-10 7.5 CVE-2024-39518
sirt@juniper.net Juniper Networks–Junos OS
  A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2. 2024-07-11 7.5 CVE-2024-39529
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an attempt is made to access specific sensors on platforms not supporting these sensors, either via GRPC or netconf, chassisd will crash and restart leading to a restart of all FPCs and thereby a complete outage. This issue affects Junos OS: * 21.4 versions from 21.4R3 before 21.4R3-S5, * 22.1 versions from 22.1R3 before 22.1R3-S4, * 22.2 versions from 22.2R2 before 22.2R3, * 22.3 versions from 22.3R1 before 22.3R2-S2, 22.3R3, * 22.4 versions from 22.4R1 before 22.4R2. This issue does not affect Junos OS versions earlier than 21.4. 2024-07-11 7.5 CVE-2024-39530
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives specific valid TCP traffic, the pfe crashes and restarts leading to a momentary but complete service outage. This issue affects Junos OS: 21.2 releases from 21.2R3-S5 before 21.2R3-S6. This issue does not affect earlier or later releases. 2024-07-11 7.5 CVE-2024-39540
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.) 2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1. The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) This issue affects Junos OS: * All versions before 21.2R3-S4, * 21.4 versions before 21.4R2, * 22.2 versions before 22.2R3-S2;  Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R2-EVO. 2024-07-11 7.5 CVE-2024-39542
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Check for Unusual or Exceptional Conditions vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec negotiation to trigger an iked crash leading to Denial of Service (DoS). This issue is applicable to all platforms that run iked. This issue affects Junos OS on SRX Series, MX Series with SPC3 and NFX350:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7,  * from 22.1 before 22.1R3-S2,  * from 22.2 before 22.2R3-S1,  * from 22.3 before 22.3R2-S1, 22.3R3,  * from 22.4 before 22.4R1-S2, 22.4R2, 22.4R3. 2024-07-11 7.5 CVE-2024-39545
sirt@juniper.net Juniper Networks–Junos OS
  A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by:  user@host> show system memory or show system monitor memory status This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. 2024-07-11 7.5 CVE-2024-39549
sirt@juniper.net Juniper Networks–Junos OS
  An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of  Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an unauthenticated network-based attacker to send specific packets causing traffic loss leading to Denial of Service (DoS).  Continued receipt and processing of these specific packets will sustain the Denial of Service condition. The memory usage can be monitored using the below command.   user@host> show usp memory segment sha data objcache jsf  This issue affects SRX Series and MX Series with SPC3 and MS-MPC/MIC:  *  20.4 before 20.4R3-S10,  *  21.2 before 21.2R3-S6,  *  21.3 before 21.3R3-S5,  *  21.4 before 21.4R3-S6,  *  22.1 before 22.1R3-S4,  *  22.2 before 22.2R3-S2,  *  22.3 before 22.3R3-S1,  *  22.4 before 22.4R3,  *  23.2 before 23.2R2. 2024-07-11 7.5 CVE-2024-39551
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause the RPD process to crash leading to a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, RPD crashes and restarts. Continuous receipt of the malformed BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote attacker to have at least one established BGP session. This issue affects: Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R2. Juniper Networks Junos OS Evolved: * All versions earlier than 21.2R3-S7; * 21.3-EVO versions earlier than 21.3R3-S5; * 21.4-EVO versions earlier than 21.4R3-S8; * 22.1-EVO versions earlier than 22.1R3-S4; * 22.2-EVO versions earlier than 22.2R3-S3; * 22.3-EVO versions earlier than 22.3R3-S2; * 22.4-EVO versions earlier than 22.4R3; * 23.2-EVO versions earlier than 23.2R2. 2024-07-11 7.5 CVE-2024-39552
sirt@juniper.net Juniper Networks–Junos OS
  An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition. Upon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset: BGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list) Only systems with segment routing enabled are vulnerable to this issue. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session. This issue affects: Junos OS: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R1-S2, 23.4R2. Junos OS Evolved:  * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO. 2024-07-10 7.5 CVE-2024-39555
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to ‘root’ leading to a full compromise of the system. The Junos OS Evolved CLI doesn’t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * All versions before 20.4R3-S6-EVO,  * 21.2-EVO versions before 21.2R3-S4-EVO, * 21.4-EVO versions before 21.4R3-S6-EVO,  * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO,  * 22.3-EVO versions before 22.3R2-EVO. 2024-07-11 7.8 CVE-2024-39520
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to ‘root’ leading to a full compromise of the system. The Junos OS Evolved CLI doesn’t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved:  * 21.1-EVO versions 21.1R1-EVO and later before 21.2R3-S8-EVO,  * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO,  * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO. 2024-07-11 7.8 CVE-2024-39521
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to ‘root’ leading to a full compromise of the system. The Junos OS Evolved CLI doesn’t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R1-S1-EVO, 22.4R2-EVO. 2024-07-11 7.8 CVE-2024-39522
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to ‘root’ leading to a full compromise of the system. The Junos OS Evolved CLI doesn’t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved:  * All versions before 20.4R3-S7-EVO, * 21.2-EVO versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.1-EVO versions before 22.1R3-S6-EVO,  * 22.2-EVO versions before 22.2R3-EVO, * 22.3-EVO versions before 22.3R2-EVO, * 22.4-EVO versions before 22.4R2-EVO. 2024-07-11 7.8 CVE-2024-39523
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to ‘root’ leading to a full compromise of the system. The Junos OS Evolved CLI doesn’t properly handle command options in some cases, allowing users which execute specific CLI commands with a crafted set of parameters to escalate their privileges to root on shell level. This issue affects Junos OS Evolved: All versions before 20.4R3-S7-EVO, 21.2-EVO versions before 21.2R3-S8-EVO, 21.4-EVO versions before 21.4R3-S7-EVO,  22.2-EVO versions before 22.2R3-EVO, 22.3-EVO versions before 22.3R2-EVO, 22.4-EVO versions before 22.4R2-EVO. 2024-07-11 7.8 CVE-2024-39524
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a Denial-of-Service (DoS). If a value is configured for DDoS bandwidth or burst parameters for any protocol in a queue, all protocols which share the same queue will have their bandwidth or burst value changed to the new value. If, for example, OSPF was configured with a certain bandwidth value, ISIS would also be limited to this value. So inadvertently either the control plane is open for a high level of specific traffic which was supposed to be limited to a lower value, or the limit for a certain protocol is so low that chances to succeed with a volumetric DoS attack are significantly increased.  This issue affects Junos OS Evolved on ACX 7000 Series: * All versions before 21.4R3-S7-EVO, * 22.1 versions before 22.1R3-S6-EVO,  * 22.2 versions before 22.2R3-S3-EVO, * 22.3 versions before 22.3R3-S3-EVO,  * 22.4 versions before 22.4R3-S2-EVO, * 23.2 versions before 23.2R2-EVO, * 23.4 versions before 23.4R1-S1-EVO, 23.4R2-EVO. 2024-07-11 7.5 CVE-2024-39531
sirt@juniper.net Juniper Networks–Junos OS Evolved
  A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.  This issue affects Junos OS Evolved:  * All versions prior to 21.2R3-S8-EVO,  * 21.4 versions prior to  21.4R3-S6-EVO,  * 22.1 versions prior to 22.1R3-S5-EVO,  * 22.2 versions prior to 22.2R3-S3-EVO,  * 22.3 versions prior to 22.3R3-S3-EVO,  * 22.4 versions prior to 22.4R3-EVO,  * 23.2 versions prior to 23.2R2-EVO. 2024-07-11 7.3 CVE-2024-39546
sirt@juniper.net Juniper Networks–Junos OS Evolved
  An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted. This issue affects both IPv4 and IPv6.  Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node <fpc slot> | grep evo-aftmann This issue affects Junos OS Evolved:  * All versions before 21.2R3-S8-EVO,  * 21.3 versions before 21.3R3-S5-EVO,  * 21.4 versions before 21.4R3-S5-EVO,  * 22.1 versions before 22.1R3-S4-EVO,  * 22.2 versions before 22.2R3-S4-EVO, * 22.3 versions before 22.3R3-S3-EVO, * 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO,  * 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO. 2024-07-11 7.5 CVE-2024-39548
sirt@juniper.net Juniper Networks–Junos OS Evolved
  A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition. The issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and Netconf over SSH. Once the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored. See WORKAROUND section below. Administrators can monitor an increase in defunct sshd processes by utilizing the CLI command:
    > show system processes | match sshd
    root   25219 30901 0 Jul16 ?       00:00:00 [sshd] <defunct>
  This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 21.4R3-S7-EVO * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO. 2024-07-10 7.5 CVE-2024-39562
sirt@juniper.net KaineLabs–Youzify
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaineLabs Youzify. This issue affects Youzify: from n/a through 1.2.5. 2024-07-09 8.5 CVE-2024-37494
audit@patchstack.com kaptinlin–Striking
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in kaptinlin Striking allows Path Traversal. This issue affects Striking: from n/a through 2.3.4. 2024-07-09 8.5 CVE-2024-37268
audit@patchstack.com level1 — wbr-6013_firmware
  A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. 2024-07-08 9.8 CVE-2023-46685
talos-cna@cisco.com level1 — wbr-6013_firmware
  Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. 2024-07-08 7.2 CVE-2023-49593
talos-cna@cisco.com Membership Software–WishList Member X
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. 2024-07-09 10 CVE-2024-37112
audit@patchstack.com Membership Software–WishList Member X
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. 2024-07-10 9.8 CVE-2024-37113
audit@patchstack.com Membership Software–WishList Member X
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7. 2024-07-10 7.5 CVE-2024-37110
audit@patchstack.com metagauss–ProfileGrid User Profiles, Groups and Communities
  The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the ‘pm_upload_image’ AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator. 2024-07-10 8.8 CVE-2024-6411
security@wordfence.com microsoft — .net
  .NET and Visual Studio Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38095
secure@microsoft.com microsoft — 365_apps
  Microsoft Outlook Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38021
secure@microsoft.com microsoft — azure_cyclecloud
  Azure CycleCloud Elevation of Privilege Vulnerability 2024-07-09 8.8 CVE-2024-38092
secure@microsoft.com microsoft — defender_for_iot
  Microsoft Defender for IoT Elevation of Privilege Vulnerability 2024-07-09 9.9 CVE-2024-38089
secure@microsoft.com microsoft — sharepoint_server
  Microsoft SharePoint Server Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38023
secure@microsoft.com microsoft — sharepoint_server
  Microsoft SharePoint Server Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38024
secure@microsoft.com microsoft — sharepoint_server
  Microsoft SharePoint Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38094
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37986
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37987
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37988
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37989
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-38010
secure@microsoft.com microsoft — windows_10_1507
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-38011
secure@microsoft.com microsoft — windows_10_1507
  Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability 2024-07-09 8.1 CVE-2024-38049
secure@microsoft.com microsoft — windows_10_1507
  Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38053
secure@microsoft.com microsoft — windows_10_1507
  Windows Imaging Component Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38060
secure@microsoft.com microsoft — windows_10_1507
  Windows Fax Service Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38104
secure@microsoft.com microsoft — windows_10_1507
  Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38019
secure@microsoft.com microsoft — windows_10_1507
  Windows Image Acquisition Elevation of Privilege Vulnerability 2024-07-09 7 CVE-2024-38022
secure@microsoft.com microsoft — windows_10_1507
  Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38025
secure@microsoft.com microsoft — windows_10_1507
  Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38028
secure@microsoft.com microsoft — windows_10_1507
  PowerShell Elevation of Privilege Vulnerability 2024-07-09 7.3 CVE-2024-38033
secure@microsoft.com microsoft — windows_10_1507
  Windows Filtering Platform Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38034
secure@microsoft.com microsoft — windows_10_1507
  Windows Workstation Service Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38050
secure@microsoft.com microsoft — windows_10_1507
  Windows Graphics Component Remote Code Execution Vulnerability 2024-07-09 7.8 CVE-2024-38051
secure@microsoft.com microsoft — windows_10_1507
  Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38052
secure@microsoft.com microsoft — windows_10_1507
  Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38054
secure@microsoft.com microsoft — windows_10_1507
  Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38057
secure@microsoft.com microsoft — windows_10_1507
  DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability 2024-07-09 7.5 CVE-2024-38061
secure@microsoft.com microsoft — windows_10_1507
  Windows TCP/IP Information Disclosure Vulnerability 2024-07-09 7.5 CVE-2024-38064
secure@microsoft.com microsoft — windows_10_1507
  Windows Win32k Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38066
secure@microsoft.com microsoft — windows_10_1507
  Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38068
secure@microsoft.com microsoft — windows_10_1507
  Windows Enroll Engine Security Feature Bypass Vulnerability 2024-07-09 7 CVE-2024-38069
secure@microsoft.com microsoft — windows_10_1507
  Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability 2024-07-09 7.8 CVE-2024-38070
secure@microsoft.com microsoft — windows_10_1507
  Windows Graphics Component Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38079
secure@microsoft.com microsoft — windows_10_1507
  Windows Graphics Component Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38085
secure@microsoft.com microsoft — windows_10_1507
  Microsoft WS-Discovery Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38091
secure@microsoft.com microsoft — windows_10_1507
  Windows MSHTML Platform Spoofing Vulnerability 2024-07-09 7.5 CVE-2024-38112
secure@microsoft.com microsoft — windows_10_1607
  PowerShell Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38043
secure@microsoft.com microsoft — windows_10_1607
  PowerShell Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38047
secure@microsoft.com microsoft — windows_10_1607
  Windows Kernel-Mode Driver Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38062
secure@microsoft.com microsoft — windows_10_21h2
  Microsoft Xbox Remote Code Execution Vulnerability 2024-07-09 7.1 CVE-2024-38032
secure@microsoft.com microsoft — windows_10_21h2
  Win32k Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38059
secure@microsoft.com microsoft — windows_11_21h2
  Xbox Wireless Adapter Remote Code Execution Vulnerability 2024-07-09 7.5 CVE-2024-38078
secure@microsoft.com microsoft — windows_11_21h2
  Windows Hyper-V Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38080
secure@microsoft.com microsoft — windows_server_2008
  Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 2024-07-09 9.8 CVE-2024-38074
secure@microsoft.com microsoft — windows_server_2008
  Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 2024-07-09 9.8 CVE-2024-38077
secure@microsoft.com microsoft — windows_server_2008
  Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38031
secure@microsoft.com microsoft — windows_server_2008
  Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38067
secure@microsoft.com microsoft — windows_server_2008
  Windows Remote Desktop Licensing Service Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38071
secure@microsoft.com microsoft — windows_server_2008
  Windows Remote Desktop Licensing Service Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38073
secure@microsoft.com microsoft — windows_server_2012
  Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38015
secure@microsoft.com microsoft — windows_server_2012
  DHCP Server Service Remote Code Execution Vulnerability 2024-07-09 7.2 CVE-2024-38044
secure@microsoft.com microsoft — windows_server_2016
  Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability 2024-07-09 9.8 CVE-2024-38076
secure@microsoft.com microsoft — windows_server_2016
  Windows Remote Desktop Licensing Service Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-38072
secure@microsoft.com microsoft — windows_server_2016
  Windows File Explorer Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-38100
secure@microsoft.com Microsoft–.NET 8.0
  .NET and Visual Studio Remote Code Execution Vulnerability 2024-07-09 8.1 CVE-2024-35264
secure@microsoft.com Microsoft–.NET 8.0
  .NET Core and Visual Studio Denial of Service Vulnerability 2024-07-09 7.5 CVE-2024-30105
secure@microsoft.com Microsoft–Azure DevOps Server 2022
  Azure DevOps Server Spoofing Vulnerability 2024-07-09 7.6 CVE-2024-35266
secure@microsoft.com Microsoft–Azure DevOps Server 2022
  Azure DevOps Server Spoofing Vulnerability 2024-07-09 7.6 CVE-2024-35267
secure@microsoft.com Microsoft–Azure Network Watcher VM Extension
  Azure Network Watcher VM Extension Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-35261
secure@microsoft.com Microsoft–Microsoft Dynamics 365 (on-premises) version 9.1
  Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability 2024-07-09 7.3 CVE-2024-30061
secure@microsoft.com Microsoft–Microsoft SharePoint Enterprise Server 2016
  Microsoft SharePoint Server Information Disclosure Vulnerability 2024-07-09 7.5 CVE-2024-32987
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-20701
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21308
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21317
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21331
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21332
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21333
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21335
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21373
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21398
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21414
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21415
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21428
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21449
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-28928
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-35256
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-35271
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-35272
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37319
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37320
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37321
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37322
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37323
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37326
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37327
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37328
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37329
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37330
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37331
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37332
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37333
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37336
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38087
secure@microsoft.com Microsoft–Microsoft SQL Server 2017 (GDR)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-38088
secure@microsoft.com Microsoft–Microsoft SQL Server 2019 (GDR)
  Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37334
secure@microsoft.com Microsoft–Microsoft SQL Server 2019 for x64-based Systems (CU 27)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21425
secure@microsoft.com Microsoft–Microsoft SQL Server 2019 for x64-based Systems (CU 27)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37318
secure@microsoft.com Microsoft–Microsoft SQL Server 2022 for (CU 13)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-21303
secure@microsoft.com Microsoft–Microsoft SQL Server 2022 for (CU 13)
  SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-37324
secure@microsoft.com Microsoft–Microsoft Visual Studio 2022 version 17.4
  .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability 2024-07-09 7.3 CVE-2024-38081
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Windows Text Services Framework Elevation of Privilege Vulnerability 2024-07-10 8.8 CVE-2024-21417
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8.8 CVE-2024-28899
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Windows MultiPoint Services Remote Code Execution Vulnerability 2024-07-09 8.8 CVE-2024-30013
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37969
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37970
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37971
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37972
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8.4 CVE-2024-37973
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37974
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37975
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37981
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8.4 CVE-2024-37984
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 2024-07-09 7.8 CVE-2024-30079
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Windows NTLM Spoofing Vulnerability 2024-07-09 7.1 CVE-2024-30081
secure@microsoft.com Microsoft–Windows 10 Version 1809
  Windows Cryptographic Services Security Feature Bypass Vulnerability 2024-07-09 7.5 CVE-2024-30098
secure@microsoft.com Microsoft–Windows 11 version 22H2
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37978
secure@microsoft.com Microsoft–Windows Server 2022
  Secure Boot Security Feature Bypass Vulnerability 2024-07-09 8 CVE-2024-37977
secure@microsoft.com Mozilla–Firefox
  A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. 2024-07-09 9.8 CVE-2024-6602
security@mozilla.org Mozilla–Firefox
  Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128. 2024-07-09 9.8 CVE-2024-6606
security@mozilla.org Mozilla–Firefox
  A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128. 2024-07-09 9.8 CVE-2024-6611
security@mozilla.org Mozilla–Firefox
  In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128 and Firefox ESR < 115.13. 2024-07-09 7.4 CVE-2024-6603
security@mozilla.org N.O.U.S. Open Useful and Simple–Event post
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in N.O.U.S. Open Useful and Simple Event post allows PHP Local File Inclusion. This issue affects Event post: from n/a through 5.9.5. 2024-07-12 7.5 CVE-2024-38735
audit@patchstack.com n/a–@discordjs/opus
  All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash. 2024-07-10 7.5 CVE-2024-21521
report@snyk.io n/a–audify
  All versions of the package audify are vulnerable to Improper Validation of Array Index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash. 2024-07-10 7.5 CVE-2024-21522
report@snyk.io N/A–easyappointments
  A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. 2024-07-09 9.9 CVE-2023-3287
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38048
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38049
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.1 CVE-2023-38050
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38051
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38052
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38053
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.9 CVE-2023-38054
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 9.6 CVE-2023-38055
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. 2024-07-09 8.5 CVE-2023-3288
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation. 2024-07-09 8.5 CVE-2023-38047
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation. 2024-07-09 7.7 CVE-2023-3285
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. 2024-07-09 7.7 CVE-2023-3286
psirt@paloaltonetworks.com N/A–easyappointments
  A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. 2024-07-09 7.7 CVE-2023-3289
psirt@paloaltonetworks.com n/a–images
  All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash. 2024-07-10 7.5 CVE-2024-21523
report@snyk.io N/A–N/A
  A race condition vulnerability was discovered in how signals are handled by OpenSSH’s server (sshd). If a remote attacker does not authenticate within a set time period, then sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. 2024-07-08 7 CVE-2024-6409
secalert@redhat.com n/a–n/a
  An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. 2024-07-11 9.8 CVE-2024-36435
cve@mitre.org n/a–n/a
  14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. 2024-07-10 9.1 CVE-2024-37770
cve@mitre.org n/a–n/a
  SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. 2024-07-09 9.8 CVE-2024-37870
cve@mitre.org n/a–n/a
  Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. 2024-07-09 9.8 CVE-2024-39071
cve@mitre.org n/a–n/a
  A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). 2024-07-09 8.1 CVE-2023-50805
cve@mitre.org n/a–n/a
  A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows out-of-bounds access to a heap buffer in the SIM Proactive Command. 2024-07-09 8.4 CVE-2023-50806
cve@mitre.org n/a–n/a
  A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). 2024-07-09 8.1 CVE-2023-50807
cve@mitre.org n/a–n/a
  A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves incorrect authorization of LTE NAS messages and leads to downgrading to lower network generations and repeated DDOS. 2024-07-09 8.1 CVE-2024-29153
cve@mitre.org n/a–n/a
  An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link. 2024-07-09 8.8 CVE-2024-37829
cve@mitre.org n/a–n/a
  SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. 2024-07-09 8.2 CVE-2024-37871
cve@mitre.org n/a–n/a
  SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. 2024-07-09 8.1 CVE-2024-37872
cve@mitre.org n/a–n/a
  idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close 2024-07-09 8.8 CVE-2024-40036
cve@mitre.org n/a–n/a
  idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup 2024-07-10 8.8 CVE-2024-40329
cve@mitre.org n/a–n/a
  idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup 2024-07-10 8.8 CVE-2024-40331
cve@mitre.org n/a–n/a
  idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 2024-07-10 8.8 CVE-2024-40333
cve@mitre.org n/a–n/a
  Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. 2024-07-09 7.5 CVE-2024-36676
cve@mitre.org n/a–n/a
  An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. 2024-07-10 7.5 CVE-2024-38875
cve@mitre.org n/a–node-stringbuilder
  All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It’s possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure. 2024-07-10 8.2 CVE-2024-21524
report@snyk.io n/a–node-twain
  All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability. 2024-07-10 8.3 CVE-2024-21525
report@snyk.io n/a–speaker
  All versions of the package speaker are vulnerable to Denial of Service (DoS) because providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash. 2024-07-10 7.5 CVE-2024-21526
report@snyk.io NAVER–NAVER Whale browser
  Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. 2024-07-11 9.6 CVE-2024-40618
cve@navercorp.com neutrinolabs–xrdp
  xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. 2024-07-12 7.2 CVE-2024-39917
security-advisories@github.com nikolaystrikhar–Gutenberg Forms WordPress Form Builder Plugin
  The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the ‘upload’ function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-07-09 9.8 CVE-2024-6313
security@wordfence.com NooTheme–Jobmonster
  Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through 4.7.0. 2024-07-12 9.8 CVE-2024-37927
audit@patchstack.com NooTheme–Jobmonster
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in NooTheme Jobmonster allows File Manipulation. This issue affects Jobmonster: from n/a through 4.7.0. 2024-07-12 8.6 CVE-2024-37928
audit@patchstack.com oisf — suricata
  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem. 2024-07-11 7.5 CVE-2024-37151
security-advisories@github.com oisf — suricata
  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue. 2024-07-11 7.5 CVE-2024-38534
security-advisories@github.com oisf — suricata
  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6. 2024-07-11 7.5 CVE-2024-38535
security-advisories@github.com oisf — suricata
  Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6. 2024-07-11 7.5 CVE-2024-38536
security-advisories@github.com openvpn — openvpn
  OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. 2024-07-08 9.8 CVE-2024-27903
security@openvpn.net openvpn — openvpn
  The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. 2024-07-08 7.5 CVE-2024-24974
security@openvpn.net openvpn — openvpn
  The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. 2024-07-08 7.8 CVE-2024-27459
security@openvpn.net OpenVPN–tap-windows6
  tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space. 2024-07-08 9.8 CVE-2024-1305
security@openvpn.net Paid Memberships Pro–Paid Memberships Pro
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paid Memberships Pro. This issue affects Paid Memberships Pro: from n/a through 3.0.5. 2024-07-09 7.6 CVE-2024-37486
audit@patchstack.com pandavideo–Panda Video
  The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the ‘selected_button’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-07-09 8.8 CVE-2024-5456
security@wordfence.com parorrey — json_api_user
  The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed. 2024-07-11 9.8 CVE-2024-6624
security@wordfence.com PayPlus LTD–PayPlus Payment Gateway
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PayPlus LTD PayPlus Payment Gateway. This issue affects PayPlus Payment Gateway: from n/a through 7.0.7. 2024-07-12 8.5 CVE-2024-37564
audit@patchstack.com Pepperl+Fuchs–OIT1500-F113-B12-CB
  An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. 2024-07-10 9.8 CVE-2024-6422
info@cert.vde.com Pepperl+Fuchs–OIT1500-F113-B12-CB
  An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service. 2024-07-10 7.5 CVE-2024-6421
info@cert.vde.com photoweblog–OSM OpenStreetMap
  The OSM – OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the ‘tagged_filter’ attribute of the ‘osm_map_v3’ shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-09 9.9 CVE-2024-3604
security@wordfence.com phpvibe — phpvibe
  Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. 2024-07-09 9.8 CVE-2024-39171
cve@mitre.org pjgalbraith–Default Thumbnail Plus
  The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘get_cache_image’ function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-07-09 8.8 CVE-2024-6161
security@wordfence.com PluginsWare–Advanced Classifieds & Directory Pro
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal. This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3. 2024-07-09 8.5 CVE-2024-37501
audit@patchstack.com praveen-rajan–Attachment File Icons (AF Icons)
  The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the ‘afi_overview’ function and missing file type validation in the ‘upload_icons’ function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6309
security@wordfence.com publiccms — publiccms
  PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. 2024-07-12 8.8 CVE-2024-40543
cve@mitre.org publiccms — publiccms
  PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. 2024-07-12 8.8 CVE-2024-40544
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40545
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40546
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40548
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlace of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40549
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40550
cve@mitre.org publiccms — publiccms
  An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. 2024-07-12 8.8 CVE-2024-40551
cve@mitre.org publiccms — publiccms
  PublicCMS v4.0.202302.e was discovered to contain a remote command execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. 2024-07-12 8.8 CVE-2024-40552
cve@mitre.org realtek — rtl819x_jungle_software_development_kit
  A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability. 2024-07-08 8.8 CVE-2023-47677
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packet can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-34435
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-41251
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-45215
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-45742
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-47856
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-48270
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-49073
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-49595
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-49867
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `interfacename` request’s parameter. 2024-07-08 7.2 CVE-2023-50239
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `AdvDefaultPreference` request’s parameter. 2024-07-08 7.2 CVE-2023-50240
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `comment` request’s parameter. 2024-07-08 7.2 CVE-2023-50243
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `entry_name` request’s parameter. 2024-07-08 7.2 CVE-2023-50244
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. 2024-07-08 7.2 CVE-2023-50330
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `targetAPSsid` request’s parameter. 2024-07-08 7.2 CVE-2023-50381
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `peerPin` request’s parameter. 2024-07-08 7.2 CVE-2023-50382
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `localPin` request’s parameter. 2024-07-08 7.2 CVE-2023-50383
talos-cna@cisco.com realtek — rtl819x_jungle_software_development_kit
  A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability. 2024-07-08 7.2 CVE-2024-21778
talos-cna@cisco.com Realtyna–Realtyna Organic IDX plugin
  Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. 2024-07-12 9.1 CVE-2024-38736
audit@patchstack.com Red Hat–Red Hat JBoss Enterprise Application Platform 8
  A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side open to a denial-of-service attack. This happens only with Java 17 TLSv1.3 scenarios. 2024-07-08 7.5 CVE-2024-5971
secalert@redhat.com rmac0001–IQ Testimonials
  The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘process_image_upload’ function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can only be exploited if the ‘gd’ php extension is not loaded on the server. 2024-07-09 9.8 CVE-2024-6314
security@wordfence.com samsung — exynos_1280_firmware
  A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to an information disclosure. 2024-07-09 7.5 CVE-2024-27362
cve@mitre.org samsung — exynos_2200_firmware
  A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS (Denial of Service) attack by unmapping an invalid length. 2024-07-09 7.5 CVE-2024-31957
cve@mitre.org samsung — exynos_850_firmware
  A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service. 2024-07-09 7.5 CVE-2024-27360
cve@mitre.org SAP_SE–SAP Commerce
  In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites. 2024-07-09 7.2 CVE-2024-39597
cna@sap.com SAP_SE–SAP PDCE
  Elements of PDCE do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application. 2024-07-09 7.7 CVE-2024-39592
cna@sap.com schneider-electric — ecostruxure_foxboro_dcs_control_core_services
  CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. 2024-07-11 7.1 CVE-2024-5679
cybersecurity@se.com schneider-electric — ecostruxure_foxboro_dcs_control_core_services
  CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. 2024-07-11 7.8 CVE-2024-5681
cybersecurity@se.com schneider-electric — foxrtu_station
  CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. 2024-07-11 7.8 CVE-2024-2602
cybersecurity@se.com schneider-electric — whc-5918a_firmware
  CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. 2024-07-11 7.5 CVE-2024-6407
cybersecurity@se.com seacms — seacms
  SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. 2024-07-12 8.8 CVE-2024-40518
cve@mitre.org seacms — seacms
  SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. 2024-07-12 8.8 CVE-2024-40519
cve@mitre.org seacms — seacms
  SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. 2024-07-12 8.8 CVE-2024-40520
cve@mitre.org seacms — seacms
  SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. 2024-07-12 8.8 CVE-2024-40521
cve@mitre.org seacms — seacms
  There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. 2024-07-12 8.8 CVE-2024-40522
cve@mitre.org Seraphinite Solutions–Seraphinite Accelerator (Full, premium)
  Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium). This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13. 2024-07-12 7.4 CVE-2024-37940
audit@patchstack.com ServiceNow–Now Platform
  ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. 2024-07-10 9.8 CVE-2024-4879
psirt@servicenow.com ServiceNow–Now Platform
  ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. 2024-07-10 9.8 CVE-2024-5217
psirt@servicenow.com siemens — medicalis_workflow_orchestrator
  A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges. 2024-07-08 7.8 CVE-2024-37999
productcert@siemens.com Siemens–JT Open
  A vulnerability has been identified in JT Open (All versions < V11.5), PLM XML SDK (All versions < V7.1.0.014). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process. 2024-07-09 7.8 CVE-2024-37997
productcert@siemens.com Siemens–Mendix Encryption
  A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised. 2024-07-09 7.5 CVE-2024-39888
productcert@siemens.com Siemens–RUGGEDCOM i800
  A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices allows a low privileged user to access hashes and password salts of all system’s users, including admin users. An attacker could use the obtained information to brute force the passwords offline. 2024-07-09 7.5 CVE-2023-52237
productcert@siemens.com Siemens–RUGGEDCOM RMC30
  A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability. 2024-07-09 8.8 CVE-2024-39675
productcert@siemens.com Siemens–SIMATIC PCS neo V4.0
  A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300. 2024-07-09 7.8 CVE-2022-45147
productcert@siemens.com Siemens–Simcenter Femap
  A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process. 2024-07-09 7.8 CVE-2024-32056
productcert@siemens.com Siemens–Simcenter Femap
  A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. 2024-07-09 7.8 CVE-2024-33653
productcert@siemens.com Siemens–Simcenter Femap
  A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. 2024-07-09 7.8 CVE-2024-33654
productcert@siemens.com Siemens–SINEMA Remote Connect Client
  A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. 2024-07-09 7.8 CVE-2024-39567
productcert@siemens.com Siemens–SINEMA Remote Connect Client
  A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges. 2024-07-09 7.8 CVE-2024-39568
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the ‘Manage firmware updates’ role to escalate their privileges on the underlying OS level. 2024-07-09 9.6 CVE-2024-39872
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. 2024-07-09 8.8 CVE-2024-39570
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges. 2024-07-09 8.8 CVE-2024-39571
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution. 2024-07-09 8.8 CVE-2024-39865
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. 2024-07-09 8.8 CVE-2024-39866
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges. 2024-07-09 7.6 CVE-2024-39867
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges. 2024-07-09 7.6 CVE-2024-39868
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. 2024-07-09 7.5 CVE-2024-39873
productcert@siemens.com Siemens–SINEMA Remote Connect Server
  A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. 2024-07-09 7.5 CVE-2024-39874
productcert@siemens.com Smartypants–SP Project & Document Manager
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Smartypants SP Project & Document Manager allows Path Traversal. This issue affects SP Project & Document Manager: from n/a through 4.71. 2024-07-09 7.5 CVE-2024-37224
audit@patchstack.com smub–User Feedback Create Interactive Feedback Form, User Surveys, and Polls in Seconds
  The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them. 2024-07-12 7.2 CVE-2024-5902
security@wordfence.com SpreadsheetConverter–Import Spreadsheets from Microsoft Excel
  Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4. 2024-07-12 9.1 CVE-2024-38734
audit@patchstack.com Spring by VMware Tanzu–Spring Cloud Function Framework
  In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8, an application is vulnerable to a DoS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module. Affected Spring Products and Versions: Spring Cloud Function Framework 4.1.0 to 4.1.2, 4.0.0 to 4.0.8. References: https://spring.io/security/cve-2022-22979 and https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/. History: 2020-01-16: Initial vulnerability report published. 2024-07-09 8.2 CVE-2024-22271
security@vmware.com StylemixThemes–Masterstudy Elementor Widgets
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StylemixThemes Masterstudy Elementor Widgets, StylemixThemes Consulting Elementor Widgets. This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2; Consulting Elementor Widgets: from n/a through 1.3.0. 2024-07-09 8.5 CVE-2024-37090
audit@patchstack.com subratamal–Wallet for WooCommerce
  The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search[value]’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-12 8.8 CVE-2024-6353
security@wordfence.com Tencent–RapidJSON
  Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege. 2024-07-09 7.8 CVE-2024-38517
security-advisories@github.com Tencent–RapidJSON
  Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege. 2024-07-09 7.8 CVE-2024-39684
security-advisories@github.com tenda — ac8v4_firmware
  Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with x0. After executing set_client_qos, control over the gp register can be obtained. 2024-07-09 9.8 CVE-2023-48194
cve@mitre.org themeenergy–BookYourTravel
  Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation. This issue affects BookYourTravel: from n/a through 8.18.17. 2024-07-09 8.8 CVE-2024-37952
audit@patchstack.com Themeum–Tutor LMS
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1. 2024-07-09 7.6 CVE-2024-37256
audit@patchstack.com Themewinter–WPCafe
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Themewinter WPCafe allows Path Traversal. This issue affects WPCafe: from n/a through 2.2.27. 2024-07-09 8.5 CVE-2024-37513
audit@patchstack.com Unknown–ContentLock
  The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack. 2024-07-12 8.8 CVE-2024-6024
contact@wpscan.com Unknown–SEOPress 
  The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. 2024-07-09 9.8 CVE-2024-5488
contact@wpscan.com unlimited-elements — unlimited_elements_for_elementor_(free_widgets,_addons,_templates)
  The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-09 8.8 CVE-2024-6166
security@wordfence.com vercel–next.js
  Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. This vulnerability was resolved in Next.js 13.5 and later. 2024-07-10 7.5 CVE-2024-39693
security-advisories@github.com vmware — aria_automation
  VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database. 2024-07-11 8.1 CVE-2024-22280
security@vmware.com vnotex–vnote
  VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim’s system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1. 2024-07-11 8.8 CVE-2024-39904
security-advisories@github.com WatchGuard–Fireware OS
  A buffer overflow in WatchGuard Fireware OS may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall. This issue affects Fireware OS: from 11.9.6 through 12.10.3. 2024-07-09 7.2 CVE-2024-5974
5d1c2695-1a31-4499-88ae-e847036fd7e3 WatchGuard–Mobile VPN with SSL Client
  A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileges. 2024-07-09 7.8 CVE-2024-4944
5d1c2695-1a31-4499-88ae-e847036fd7e3 Webmin–Webmin
  An improper handling of insufficient permissions or privileges vulnerability exists in the ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be read, a webpage may be altered, or a server may be permanently halted. 2024-07-10 8.8 CVE-2024-36451
vultures@jpcert.or.jp webnus — modern_events_calendar
  The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. The plugin allows administrators (via its settings) to extend the ability to submit events to unauthenticated users, which would allow unauthenticated attackers to exploit this vulnerability. 2024-07-09 8.8 CVE-2024-5441
security@wordfence.com wedevs — wp_erp
  The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-11 8.8 CVE-2024-6666
security@wordfence.com whisperfish–rust-phonenumber
  phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber, e.g. over the network, specifically strings of the form `+dwPAA;phone-context=AA`, where the “number” part potentially parses as a number larger than 2^56. This vulnerability is fixed in 0.3.6. 2024-07-09 8.6 CVE-2024-39697
security-advisories@github.com widgetti–solara
  Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application’s failure to properly validate URI fragments for directory traversal sequences such as ‘../’ when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system. 2024-07-12 8.6 CVE-2024-39903
security-advisories@github.com woobewoo–Product Table by WBW
  The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the ‘saveCustomTitle’ function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server. 2024-07-09 9.8 CVE-2024-6365
security@wordfence.com WPJohnny, zerOneIT–Comment Reply Email
  Cross-Site Request Forgery (CSRF) vulnerability in WPJohnny, zerOneIT Comment Reply Email allows Cross-Site Scripting (XSS). This issue affects Comment Reply Email: from n/a through 1.3. 2024-07-12 7.1 CVE-2024-35773
audit@patchstack.com wpvibes–Form Vibes Database Manager for Forms
  The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-07-12 8.8 CVE-2024-5325
security@wordfence.com WPZita–Zita Elementor Site Library
  Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server. This issue affects Zita Elementor Site Library: from n/a through 1.6.1. 2024-07-09 9.9 CVE-2024-37420
audit@patchstack.com zealopensource–Generate PDF using Contact Form 7
  The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and missing file type validation in the ‘wp_cf7_pdf_dashboard_html_page’ function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6316
security@wordfence.com zealopensource–Generate PDF using Contact Form 7
  The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the ‘wp_cf7_pdf_dashboard_html_page’ function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-07-09 8.8 CVE-2024-6317
security@wordfence.com ZealousWeb–Generate PDF using Contact Form 7
  Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7. This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6. 2024-07-09 9.1 CVE-2024-37555
audit@patchstack.com Zoho Marketing Automation–Zoho Marketing Automation
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zoho Marketing Automation. This issue affects Zoho Marketing Automation: from n/a through 1.2.7. 2024-07-09 8.5 CVE-2024-37225
audit@patchstack.com


