Vulnerability Summary for the Week of September 23, 2024 | CISA


Synology–Synology Drive Client
  Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. 2024-09-26 6.5 CVE-2022-49037 security@synology.com
  Synology–Synology Drive Client
  Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. 2024-09-26 6.7 CVE-2022-49039 security@synology.com
  Cisco–IOS
  A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. An attacker could exploit this vulnerability by persuading a currently authenticated administrator to follow a crafted link. A successful exploit could allow the attacker to change the configuration of the affected device. 2024-09-25 6.5 CVE-2024-20414 ykramarz@cisco.com
  Cisco–Cisco Catalyst SD-WAN Manager
  A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface. 2024-09-25 6.4 CVE-2024-20475 ykramarz@cisco.com
  Cisco–Cisco SD-WAN vEdge Cloud
  A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of malformed UDP packet. An attacker in a machine-in-the-middle position could exploit this vulnerability by sending crafted UDP packets to an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition on the affected system. 2024-09-25 6.1 CVE-2024-20496 ykramarz@cisco.com
  Sony–XAV-AX5500
  Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22939 2024-09-23 6.8 CVE-2024-23922 cve@asrg.io
  Alpine–Halo9
  Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23105 2024-09-28 6.8 CVE-2024-23924 cve@asrg.io
  Sony–XAV-AX5500
  Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23238 2024-09-23 6.8 CVE-2024-23933 cve@asrg.io
  Autel–MaxiCharger AC Elite Business C50
  Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BLE AppAuthenRequest command handler. The handler uses hardcoded credentials as a fallback in case of an authentication request failure. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23196 2024-09-28 6.5 CVE-2024-23958 cve@asrg.io
  Alpine–Halo9
  Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdUpdFSpeDecomp function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23306 2024-09-28 6.8 CVE-2024-23961 cve@asrg.io
  Sony–XAV-AX5500
  Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185 2024-09-23 6.8 CVE-2024-23972 cve@asrg.io
  n/a–n/a
  A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. 2024-09-27 6.1 CVE-2024-25411 cve@mitre.org
  HCL Software–HCL Traveler for Microsoft Outlook
  The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. 2024-09-26 6.7 CVE-2024-30134 psirt@hcl.com
  n/a–n/a
  Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from “WebAPI.cfg.xml” in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host. 2024-09-23 6.6 CVE-2024-39342 cve@mitre.org
  Advantech–ADAM-5630
  Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent in a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands. 2024-09-27 6.3 CVE-2024-39364 ics-cert@hq.dhs.gov
  Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. 2024-09-27 6.2 CVE-2024-39433 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. 2024-09-27 6.2 CVE-2024-39434 security@unisoc.com
  Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
  In Logmanager service, there is a possible missing verification of incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. 2024-09-27 6.5 CVE-2024-39435 security@unisoc.com
  n/a–n/a
  A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. 2024-09-23 6.7 CVE-2024-39843 cve@mitre.org
  n/a–n/a
  An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter. 2024-09-23 6.6 CVE-2024-40441 cve@mitre.org
  goTenna–Pro ATAK Plugin
  In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. 2024-09-26 6.5 CVE-2024-41722 ics-cert@hq.dhs.gov
  ElementsKit–ElementsKit Pro
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in ElementsKit ElementsKit Pro allows PHP Local File Inclusion. This issue affects ElementsKit Pro: from n/a through 3.6.0. 2024-09-23 6.5 CVE-2024-43996 audit@patchstack.com
  wpWax–Product Carousel Slider & Grid Ultimate for WooCommerce
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. 2024-09-23 6.5 CVE-2024-44048 audit@patchstack.com
  n/a–n/a
  Ubiquiti AirMax firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. 2024-09-23 6.6 CVE-2024-44540 cve@mitre.org
  Xiaomi–Xiaomi Router AX9000
  Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. 2024-09-23 6.4 CVE-2024-45348 security@xiaomi.com
  goTenna–Pro ATAK Plugin
  The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use. 2024-09-26 6.5 CVE-2024-45723 ics-cert@hq.dhs.gov
  n/a–n/a
  A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725’s Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a request to delete a doctor record. By enticing an authenticated admin user to visit the specially crafted web page, the attacker can leverage the victim’s browser to make unauthorized requests to the vulnerable endpoint, effectively allowing the attacker to perform actions on behalf of the admin without their consent. 2024-09-26 6.3 CVE-2024-45983 cve@mitre.org
  n/a–n/a
  Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. 2024-09-27 6.1 CVE-2024-46470 cve@mitre.org
  n/a–n/a
  dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate. 2024-09-25 6.3 CVE-2024-46485 cve@mitre.org
  n/a–n/a
  A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user’s browser via a crafted payload or URL. 2024-09-25 6.1 CVE-2024-46655 cve@mitre.org
  rocket.chat–rocket.chat
  Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload. 2024-09-25 6.1 CVE-2024-46934 cve@mitre.org
  mattermost–mattermost_server
  Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend. 2024-09-26 6.5 CVE-2024-47003 responsibledisclosure@mattermost.com
  rollup–rollup
  Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Versions 3.29.5 and 4.22.4 contain a patch for the vulnerability. 2024-09-23 6.1 CVE-2024-47068 security-advisories@github.com
  oveleon–contao-cookiebar
  Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend’s HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability. 2024-09-23 6.1 CVE-2024-47069 security-advisories@github.com
  layui–layui
  LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. 2024-09-26 6.4 CVE-2024-47075 security-advisories@github.com
  goauthentik–authentik
  authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued for one application and use it to access another application that they aren’t allowed to access. Anyone who has more than one proxy provider application with different trust domains or different access control is affected. Versions 2024.8.3 and 2024.6.5 fix the issue. 2024-09-27 6.5 CVE-2024-47077 security-advisories@github.com
  ampache–ampache
  Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue. 2024-09-27 6.1 CVE-2024-47184 security-advisories@github.com
  filamentphp–filament
  Filament is a collection of full-stack components for Laravel development. Versions of Filament from v3.0.0 through v3.2.114 are affected by a cross-site scripting (XSS) vulnerability. If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a color column or entry is rendered. Filament v3.2.115 fixes this issue. 2024-09-27 6.1 CVE-2024-47186 security-advisories@github.com
  iredmail–iredadmin
  iRedAdmin before 2.6 allows XSS, e.g., via order_name. 2024-09-23 6.1 CVE-2024-47227 cve@mitre.org
  Huawei–HarmonyOS
  Path traversal vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2024-09-27 6.2 CVE-2024-47292 psirt@huawei.com
  Livemesh–Livemesh Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.5. 2024-09-25 6.5 CVE-2024-47303 audit@patchstack.com
  javmah–Spreadsheet Integration Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.
  The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 3.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit post status, edit Google sheet integrations, and create Google sheet integrations. 2024-09-25 6.3 CVE-2024-6590 security@wordfence.com
  Microsoft–Windows 10
  A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt. 2024-09-26 6.7 CVE-2024-6769 df4dee71-de3a-4139-9588-11b62fe6c0ff
  Unknown–AI ChatBot with ChatGPT and Content Generator by AYS
  The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: ‘ays_chatgpt_disconnect’, ‘ays_chatgpt_connect’, and ‘ays_chatgpt_save_feedback’. 2024-09-27 6.5 CVE-2024-7714 contact@wpscan.com
  cguntur–WP Category Dropdown
  The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8103 security@wordfence.com
  princeahmed–Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
  The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:radio-player’ Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8267 security@wordfence.com
  PaperCut–PaperCut NG, PaperCut MF
  An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used to flood disk space and result in a Denial of Service (DoS) attack. Note: This CVE has been split from CVE-2024-4712. 2024-09-26 6.1 CVE-2024-8405 eb41dac7-0af8-4f84-9f6d-0272772514f4
  themesflat–Themesflat Addons For Elementor
  The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like ‘TF E Slider Widget’, ‘TF Video Widget’, ‘TF Team Widget’ and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8515 security@wordfence.com
  fatcatapps–pixel_cat
  The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-24 6.1 CVE-2024-8544 security@wordfence.com
  xpeedstudio–ElementsKit Elementor addons
  The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8546 security@wordfence.com
  grimmdude–Simple Popup Plugin
  The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-28 6.4 CVE-2024-8547 security@wordfence.com
  simplecalendar–Simple Calendar Google Calendar Plugin
  The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-25 6.1 CVE-2024-8549 security@wordfence.com
  ibericode–koko_analytics
  The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-24 6.1 CVE-2024-8662 security@wordfence.com
  devitemsllc–ShopLentor WooCommerce Builder for Elementor & Gutenberg +12 Modules All in One Solution (formerly WooLentor)
  The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8668 security@wordfence.com
  leap13–Premium Addons for Elementor
  The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-27 6.4 CVE-2024-8681 security@wordfence.com
  gtmserver–GTM Server Side
  The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-28 6.1 CVE-2024-8712 security@wordfence.com
  pierre-lebedel–Kodex Posts likes
  The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-25 6.1 CVE-2024-8713 security@wordfence.com
  clifgriffin–Simple LDAP Login
  The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-28 6.1 CVE-2024-8715 security@wordfence.com
  xplodedthemes–xt_ajax_add_to_cart_for_woocommerce
  The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-24 6.1 CVE-2024-8716 security@wordfence.com
  ouhinit–012 Ps Multi Languages
  The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-26 6.4 CVE-2024-8723 security@wordfence.com
  modalweb–Advanced File Manager
  Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files to any directory within the WordPress root directory, which could lead to Stored Cross-Site Scripting. The Advanced File Manager Shortcodes plugin must be installed to exploit this vulnerability. 2024-09-26 6.8 CVE-2024-8725 security@wordfence.com
  castos–seriously_simple_stats
  The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-24 6.1 CVE-2024-8738 security@wordfence.com
  outtheboxthemes–Beam me up Scotty Back to Top Button
  The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-25 6.1 CVE-2024-8741 security@wordfence.com
  github–enterprise_server
  A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. 2024-09-23 6.1 CVE-2024-8770 product-cna@github.com
  omardabbas–EU/UK VAT Manager for WooCommerce
  The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-28 6.1 CVE-2024-8788 security@wordfence.com
  madfishdigital–Bulk NoIndex & NoFollow Toolkit
  The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-26 6.1 CVE-2024-8803 security@wordfence.com
  livemesh–Elementor Addons by Livemesh
  The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘piechart_settings’ parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8858 security@wordfence.com
  metagauss–ProfileGrid User Profiles, Groups and Communities
  The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the ‘onclick’ attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-26 6.4 CVE-2024-8861 security@wordfence.com
  bizswoop–Store Hours for WooCommerce
  The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-09-26 6.1 CVE-2024-8872 security@wordfence.com
  anwppro–AnWP Football Leagues
  The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-25 6.4 CVE-2024-8917 security@wordfence.com
  shakeelu–Confetti Fall Animation
  The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘confetti-fall-animation’ shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-8919 security@wordfence.com
  Scriptcase–Scriptcase
  Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their credentials. 2024-09-25 6.3 CVE-2024-8942 cve-coordination@incibe.es
  Code Supply Co.–Absolute Reviews
  The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Name’ field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-27 6.4 CVE-2024-8965 security@wordfence.com
  photoweblog–OSM OpenStreetMap
  The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-27 6.4 CVE-2024-8991 security@wordfence.com
  axton–WP-WebAuthn
  The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-28 6.4 CVE-2024-9023 security@wordfence.com
  braginteractive–Material Design Icons
  The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-9024 security@wordfence.com
  wpzoom–WPZOOM Shortcodes
  The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘box’ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-9027 security@wordfence.com
  bastianonm–WP GPX Maps
  The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘sgpx’ shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-25 6.4 CVE-2024-9028 security@wordfence.com
  justinbusa–Beaver Builder WordPress Page Builder
  The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-27 6.4 CVE-2024-9049 security@wordfence.com
  themexclub–OneElements Best Elementor Addons
  The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-25 6.4 CVE-2024-9068 security@wordfence.com
  besnikac–Graphicsly The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery )
  The Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-25 6.4 CVE-2024-9069 security@wordfence.com
  wpopal–GutenGeek Free Gutenberg Blocks for WordPress
  The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-25 6.4 CVE-2024-9073 security@wordfence.com
  rems — profile_registration_without_reload/refresh
  A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php of the component Registration Form. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-09-23 6.1 CVE-2024-9092 cna@vuldb.com
  thechetanvaghela–Common Tools for Site
  The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-26 6.4 CVE-2024-9115 security@wordfence.com
  sekler–Mapplic Lite
  The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-26 6.4 CVE-2024-9117 security@wordfence.com
  mohsensd1373–king_IE
  The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-26 6.4 CVE-2024-9125 security@wordfence.com
  solaplugins–Super Testimonials
  The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-26 6.4 CVE-2024-9127 security@wordfence.com
  Huawei–HarmonyOS
  Access permission verification vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. 2024-09-27 6.7 CVE-2024-9136 psirt@huawei.com
  alefypf–GF Custom Style
  The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-09-26 6.4 CVE-2024-9173 security@wordfence.com
  mahodder–Themedy Toolbox
  The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin’s themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-26 6.4 CVE-2024-9177 security@wordfence.com
  jeanmarc77–123solar
  A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-27 6.3 CVE-2024-9275 cna@vuldb.com
  TP-LINK–TL-WR841ND
  A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-09-27 6.5 CVE-2024-9284 cna@vuldb.com
  skyselang–yylAdmin
  A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component Backend. The manipulation of the argument is_disable leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-27 6.3 CVE-2024-9293 cna@vuldb.com
  dingfanzu–CMS
  A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file saveNewPwd.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. 2024-09-27 6.3 CVE-2024-9294 cna@vuldb.com
  SourceCodester–Online Railway Reservation System
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument page with the input trains/schedules/system_info leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 6.3 CVE-2024-9297 cna@vuldb.com
  SourceCodester–Employee and Visitor Gate Pass Logging System
  A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 6.3 CVE-2024-9315 cna@vuldb.com
  code-projects–Blood Bank Management System
  A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 6.3 CVE-2024-9316 cna@vuldb.com
  SourceCodester–Online Eyewear Shop
  A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 6.3 CVE-2024-9317 cna@vuldb.com
  SourceCodester–Advocate Office Management System
  A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/activate.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 6.3 CVE-2024-9318 cna@vuldb.com
  SourceCodester–Online Timesheet App
  A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of the argument timesheet leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-09-29 6.3 CVE-2024-9319 cna@vuldb.com
  code-projects–Supply Chain Management
  A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-09-29 6.3 CVE-2024-9322 cna@vuldb.com
  Intelbras–InControl
  A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. 2024-09-29 6.3 CVE-2024-9324 cna@vuldb.com
  code-projects–Blood Bank System
  A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-29 6.3 CVE-2024-9327 cna@vuldb.com
  SourceCodester–Advocate Office Management System
  A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /control/edit_client.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-29 6.3 CVE-2024-9328 cna@vuldb.com
  n/a–n/a
  Cross Site Scripting (XSS) vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the product_data parameter of add/edit product in the administration interface. 2024-09-25 5.4 CVE-2023-26688 cve@mitre.org
  n/a–n/a
  A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. 2024-09-23 5.4 CVE-2023-46948 cve@mitre.org
  n/a–n/a
  Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. 2024-09-25 5.4 CVE-2023-51157 cve@mitre.org
  Synology–Synology Active Backup for Business Agent
  Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credentials via unspecified vectors. 2024-09-26 5 CVE-2023-52948 security@synology.com
  Synology–Synology Active Backup for Business Agent
  Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credentials via unspecified vectors. 2024-09-26 5.5 CVE-2023-52949 security@synology.com
  Synology–Synology Active Backup for Business Agent
  Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credentials via unspecified vectors. 2024-09-26 5.3 CVE-2023-52950 security@synology.com
  Cisco–IOS
  A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the incorrect handling of IPv4 ACLs on switched virtual interfaces when an administrator enables and disables Resilient Ethernet Protocol (REP). An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. 2024-09-25 5.8 CVE-2024-20465 ykramarz@cisco.com
  Cisco–Cisco UTD SNORT IPS Engine Software
  A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped. 2024-09-25 5.8 CVE-2024-20508 ykramarz@cisco.com
  HCL Software–Nomad server on Domino
  HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information. 2024-09-27 5.3 CVE-2024-23586 psirt@hcl.com
  Advantech–ADAM-5630
  Advantech ADAM-5630 shares user credentials in plain text between the device and the user's source device during the login process. 2024-09-27 5.7 CVE-2024-34542 ics-cert@hq.dhs.gov
  Advantech–ADAM 5550
  Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of base64 encoding. 2024-09-27 5.7 CVE-2024-37187 ics-cert@hq.dhs.gov
  IBM–Storage Defender – Resiliency Service
  IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate the server name during registration and unregistration operations, which could expose sensitive information to an attacker with access to the system. 2024-09-25 5.9 CVE-2024-38324 psirt@us.ibm.com
  TianoCore–EDK2
  EDK2 contains a vulnerability in PeCoffLoaderRelocateImage(). An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 2024-09-27 5.9 CVE-2024-38796 infosec@edk2.groups.io
  N/A–Spring Framework
  Applications that parse ETags from “If-Match” or “If-None-Match” request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on “If-Match” and “If-None-Match” headers, e.g. through a Filter. 2024-09-27 5.3 CVE-2024-38809 security@vmware.com
  Apache Software Foundation–Apache Answer
  Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user’s email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommended to upgrade to version 1.4.0, which fixes the issue. 2024-09-25 5.3 CVE-2024-40761 security@apache.org
  Mattermost–Mattermost
  Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to retrieve post and file information about archived channels. Examples are flagged or unread posts as well as files. 2024-09-26 5.4 CVE-2024-42406 responsibledisclosure@mattermost.com
  goTenna–Pro ATAK Plugin
  The goTenna Pro ATAK Plugin uses AES CTR mode for short, encrypted messages without any additional integrity checking mechanism. This leaves messages malleable to any attacker that can access the message. 2024-09-26 5.3 CVE-2024-43108 ics-cert@hq.dhs.gov
  TaxoPress–WordPress Tag Cloud Plugin Tag Groups
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin – Tag Groups. This issue affects WordPress Tag Cloud Plugin – Tag Groups: from n/a through 2.0.3. 2024-09-25 5.3 CVE-2024-43237 audit@patchstack.com
  StylemixThemes–Masterstudy LMS Starter
  Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter. This issue affects Masterstudy LMS Starter: from n/a through 1.1.8. 2024-09-25 5.3 CVE-2024-43990 audit@patchstack.com
  goTenna–Pro ATAK Plugin
  In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device. 2024-09-26 5.3 CVE-2024-45374 ics-cert@hq.dhs.gov
  TopQuadrant–TopBraid EDG
  TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721). 2024-09-27 5 CVE-2024-45745 9119a7d8-5eab-497f-8521-727c672e3725
  mattermost — mattermost_server
  Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba. 2024-09-26 5.4 CVE-2024-45843 responsibledisclosure@mattermost.com
  Facebook–Facebook Thrift
  A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. 2024-09-27 5.3 CVE-2024-45863 cve-assign@fb.com
  n/a–n/a
  A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account information is accessed. 2024-09-26 5.4 CVE-2024-45986 cve@mitre.org
  n/a–n/a
  PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. 2024-09-23 5.9 CVE-2024-46241 cve@mitre.org
  n/a–n/a
  An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensitive files via a directory traversal. 2024-09-26 5.7 CVE-2024-46327 cve@mitre.org
  NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION–Hikari Denwa router RT-400MI
  Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerability is exploited, an attacker who has identified the WAN-side IPv6 address may access the product's Device Setting page from the WAN side. Note that the same products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. 2024-09-26 5.3 CVE-2024-47044 vultures@jpcert.or.jp
  rocket.chat — rocket.chat
  Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. 2024-09-25 5.4 CVE-2024-47048 cve@mitre.org
  NixOS–nix
  Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle (MITM) attack. `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It’s not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue. A user may be affected by the risk of leaking credentials if they have a `netrc` file for authentication, or rely on derivations with `impureEnvVars` set to use credentials from the environment. In addition, the commonplace trust-on-first-use (TOFU) technique of updating dependencies by specifying an invalid hash and obtaining it from a remote store was also vulnerable to a MITM injecting arbitrary store objects. This also applied to the impure derivations experimental feature. Note that this may also happen when using Nixpkgs fetchers to obtain new hashes when not using the fake hash method, although that mechanism is not implemented in Nix itself but rather in Nixpkgs using a fixed-output derivation. The behavior was introduced in version 1.11 to make it consistent with the Nixpkgs `pkgs.fetchurl` and to make `<nix/fetchurl.nix>` work in the derivation builder sandbox, which back then did not have access to the CA bundles by default. Nowadays, CA bundles are bind-mounted on Linux. This issue has been fixed in Nix 2.18.8 and 2.24.8. As a workaround, implement (authenticated) fetching with `pkgs.fetchurl` from Nixpkgs, using `impureEnvVars` and `curlOpts` as needed. 2024-09-26 5.9 CVE-2024-47174 security-advisories@github.com
  Huawei–HarmonyOS
  Input validation vulnerability in the USB service module. Impact: Successful exploitation of this vulnerability may affect availability. 2024-09-27 5.5 CVE-2024-47290 psirt@huawei.com
  Huawei–HarmonyOS
  Permission vulnerability in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability may affect availability. 2024-09-27 5.6 CVE-2024-47291 psirt@huawei.com
  GiveWP–GiveWP
  Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1. 2024-09-25 5.4 CVE-2024-47315 audit@patchstack.com
  Unknown–Chatbot with ChatGPT WordPress
  The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. 2024-09-25 5.3 CVE-2024-6845 contact@wpscan.com
  peepso–Community by PeepSo Social Network, Membership, Registration, User Profiles, Premium Mobile App
  The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. 2024-09-25 5.3 CVE-2024-7426 security@wordfence.com
  realmag777–HUSKY Products Filter Professional for WooCommerce
  The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the ‘key’ user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin’s Products Messenger extension to be enabled. 2024-09-25 5.3 CVE-2024-7491 security@wordfence.com
  Unknown–YITH WooCommerce Ajax Search
  YITH WooCommerce Ajax Search is vulnerable to an XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts. 2024-09-23 5.4 CVE-2024-7846 contact@wpscan.com
  mailoptin–mailoptin
  The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘post-meta’ shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-24 5.4 CVE-2024-8628 security@wordfence.com
  10web–Form Maker by 10Web Mobile-Friendly Drag & Drop Contact Form Builder
  The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-26 5.5 CVE-2024-8633 security@wordfence.com
  ggnome–garden_gnome_package
  The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-09-24 5.4 CVE-2024-8657 security@wordfence.com
  wpexpertsio–myCred Loyalty Points and Rewards plugin for WordPress and WooCommerce Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification
  The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to upgrade an out of date database. 2024-09-25 5.3 CVE-2024-8658 security@wordfence.com
  revolutbusiness–Revolut Gateway for WooCommerce
  The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders as completed. 2024-09-25 5.3 CVE-2024-8678 security@wordfence.com
  ba-booking–ba_book_everything
  The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user’s identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user’s password, including administrators. It’s important to note that the attacker will not have access to the generated password; therefore, privilege escalation is not possible. 2024-09-24 5.3 CVE-2024-8794 security@wordfence.com
  codesupplyco–Sight Professional Image Gallery and Portfolio
  The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘handler_post_title’ function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose private, pending, trashed, and draft post titles. Successful exploitation requires the Elementor plugin to be installed and activated. 2024-09-26 5.3 CVE-2024-9025 security@wordfence.com
  mayurik–modern_loan_management_system
  A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-23 5.4 CVE-2024-9089 cna@vuldb.com
  Oct8ne–Oct8ne
  Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload. 2024-09-25 5.4 CVE-2024-9141 cve-coordination@incibe.es
  litespeedtech–LiteSpeed Cache
  The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-09-25 5.5 CVE-2024-9169 security@wordfence.com
  omardabbas–EU/UK VAT Manager for WooCommerce
  The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order. 2024-09-28 5.3 CVE-2024-9189 security@wordfence.com
  Clibo Manager–Clibo Manager
  Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service (DoS). 2024-09-26 5.8 CVE-2024-9199 cve-coordination@incibe.es
  SourceCodester–Online Railway Reservation System
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php. The manipulation of the argument id leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-29 5.3 CVE-2024-9321 cna@vuldb.com
  Synology–Synology Drive Client
  Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. 2024-09-26 4.4 CVE-2022-49040 security@synology.com
  Synology–Synology Drive Client
  Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors. 2024-09-26 4.4 CVE-2022-49041 security@synology.com
  IBM–Cloud Pak for Multicloud Management
  IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file in clear text, which can be read by a privileged user. 2024-09-26 4.4 CVE-2023-46175 psirt@us.ibm.com
  Synology–Synology Active Backup for Business Agent
  Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to log out the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. 2024-09-26 4 CVE-2023-52947 security@synology.com
  Google–Chrome
  Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-09-23 4.3 CVE-2023-7281 chrome-cve-admin@google.com
  Google–Chrome
  Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) 2024-09-23 4.3 CVE-2023-7282 chrome-cve-admin@google.com
  NVIDIA–Container Toolkit
  NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering. 2024-09-26 4.1 CVE-2024-0133 psirt@nvidia.com
  Cisco–Cisco IOS XE Software
  A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services. 2024-09-25 4.3 CVE-2024-20434 ykramarz@cisco.com
  Cisco–Cisco IOS XE Software
  A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication. This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting. 2024-09-25 4.7 CVE-2024-20510 ykramarz@cisco.com
  Alpine–Halo9
  Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass the signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102. 2024-09-28 4.6 CVE-2024-23960 cve@asrg.io
  IBM–Cognos Command Center
  IBM Cognos Command Center 10.2.4.1 and 10.2.5 could disclose highly sensitive user information to an authenticated user with physical access to the device. 2024-09-26 4.3 CVE-2024-31899 psirt@us.ibm.com
  Zyxel–VMG8825-T50K firmware
  An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. 2024-09-24 4.9 CVE-2024-38266 security@zyxel.com.tw
  Zyxel–VMG8825-T50K firmware
  An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. 2024-09-24 4.9 CVE-2024-38267 security@zyxel.com.tw
  Zyxel–VMG8825-T50K firmware
  An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. 2024-09-24 4.9 CVE-2024-38268 security@zyxel.com.tw
  Zyxel–VMG8825-T50K firmware
  An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device. 2024-09-24 4.9 CVE-2024-38269 security@zyxel.com.tw
  kstover–Ninja Forms The Contact Form Builder That Grows With You
  The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires “maintenance mode” for a targeted form to be enabled. However, there is no setting available to the attacker or even an administrator-level user to enable this mode. The mode is only enabled during a required update, which is a very short window of time. Additionally, because of the self-based nature of this vulnerability, attackers would have to rely on additional techniques to execute a supplied payload in the context of targeted user. 2024-09-25 4.7 CVE-2024-3866 security@wordfence.com
  goTenna–Pro ATAK Plugin
  The goTenna Pro ATAK Plugin has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used. 2024-09-26 4.3 CVE-2024-41715 ics-cert@hq.dhs.gov
  goTenna–Pro ATAK Plugin
  The goTenna Pro ATAK Plugin broadcast key name is always sent unencrypted and could reveal the location of operation. 2024-09-26 4.3 CVE-2024-41931 ics-cert@hq.dhs.gov
  goTenna–Pro ATAK Plugin
  In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device. 2024-09-26 4.3 CVE-2024-43694 ics-cert@hq.dhs.gov
  goTenna–Pro ATAK Plugin
  goTenna Pro ATAK Plugin by default enables frequent unencrypted Position, Location and Information (PLI) transmission. This transmission is done without user’s knowledge, revealing the exact location transmitted in unencrypted form. 2024-09-26 4.3 CVE-2024-43814 ics-cert@hq.dhs.gov
  ory–kratos
  Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really is `aal2`. This means that the `highest_available` configuration will act as if the user has only one factor set up, for that particular user. This means that they can call the settings and whoami endpoint without an `aal2` session, even though that should be disallowed. An attacker would need to steal or guess a valid login OTP of a user who has only OTP for login enabled and who has an incorrect `available_aal` value stored, to exploit this vulnerability. All other aspects of the session (e.g. the session’s aal) are not impacted by this issue. On the Ory Network, only 0.00066% of registered users were affected by this issue, and most of those users appeared to be test users. Their respective AAL values have since been updated and they are no longer vulnerable to this attack. Version 1.3.0 is not affected by this issue. As a workaround, those who require MFA should disable the passwordless code login method. If that is not possible, check the session’s `aal` to identify if the user has `aal1` or `aal2`. 2024-09-26 4.4 CVE-2024-45042 security-advisories@github.com
  goTenna–Pro ATAK Plugin
  The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. 2024-09-26 4.3 CVE-2024-45838 ics-cert@hq.dhs.gov
  n/a–n/a
  A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List is viewed. 2024-09-26 4.7 CVE-2024-45984 cve@mitre.org
  n/a–n/a
  A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of update_contact.php. 2024-09-26 4.7 CVE-2024-45985 cve@mitre.org
  n/a–n/a
  Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user’s sensitive chat data of the current session to a malicious third-party or attacker-controlled server. 2024-09-26 4 CVE-2024-45989 cve@mitre.org
  n/a–n/a
  An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function. 2024-09-27 4.8 CVE-2024-46333 cve@mitre.org
  n/a–n/a
  dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31 2024-09-25 4.7 CVE-2024-46600 cve@mitre.org
  n/a–n/a
  Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. 2024-09-26 4.3 CVE-2024-46632 cve@mitre.org
  strawberry-graphql–strawberry
  Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable a CSRF-preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption for Django’s built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In effect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` release including a patch. 2024-09-25 4.6 CVE-2024-47082 security-advisories@github.com
  mattermost–mattermost_server
  Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. 2024-09-26 4.3 CVE-2024-47145 responsibledisclosure@mattermost.com
  agnaistic–agnai
  Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled, which is intended for local/self-hosting only. Version 1.0.330 fixes this issue. 2024-09-26 4.3 CVE-2024-47170 security-advisories@github.com
  agnaistic–agnai
  Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen locations on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. 2024-09-26 4.3 CVE-2024-47171 security-advisories@github.com
  amir20–dozzle
  Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. 2024-09-27 4.8 CVE-2024-47182 security-advisories@github.com
  Huawei–HarmonyOS
  Out-of-bounds write vulnerability in the HAL-WIFI module. Impact: Successful exploitation of this vulnerability may affect availability. 2024-09-27 4.7 CVE-2024-47293 psirt@huawei.com
  Huawei–HarmonyOS
  Access permission verification vulnerability in the input method framework module. Impact: Successful exploitation of this vulnerability may affect availability. 2024-09-27 4.4 CVE-2024-47294 psirt@huawei.com
  Dnesscarkey–Use Any Font
  Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08. 2024-09-25 4.3 CVE-2024-47305 audit@patchstack.com
  Supsystic–Slider by Supsystic
  Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. 2024-09-26 4.3 CVE-2024-47330 audit@patchstack.com
  Stuart Wilson–Joy Of Text Lite
  Missing Authorization vulnerability in Stuart Wilson Joy Of Text Lite. This issue affects Joy Of Text Lite: from n/a through 2.3.1. 2024-09-26 4.3 CVE-2024-47337 audit@patchstack.com
  Google–Chrome
  Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) 2024-09-23 4.3 CVE-2024-7019 chrome-cve-admin@google.com
  Google–Chrome
  Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 2024-09-23 4.3 CVE-2024-7020 chrome-cve-admin@google.com
  Red Hat–Red Hat Virtualization 4
  A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. 2024-09-26 4.4 CVE-2024-7259 secalert@redhat.com
  codename065–Premium Packages Sell Digital Products Securely
  The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link. 2024-09-25 4.3 CVE-2024-7386 security@wordfence.com
  Unknown–WP ULike
  The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-25 4.8 CVE-2024-7878 contact@wpscan.com
  Unknown–adstxt Plugin
  The adstxt Plugin WordPress plugin through 1.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. 2024-09-25 4.3 CVE-2024-7892 contact@wpscan.com
  thangnv27–WP MultiTasking WP Utilities
  The WP MultiTasking – WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-09-28 4.4 CVE-2024-8189 security@wordfence.com
  webba-booking–webba_booking
  The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form’s CSS. 2024-09-24 4.3 CVE-2024-8432 security@wordfence.com
  themehunk–Easy Mega Menu Plugin for WordPress ThemeHunk
  The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings. 2024-09-25 4.3 CVE-2024-8434 security@wordfence.com
  hahncgdev–WP Easy Gallery WordPress Gallery Plugin
  The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. 2024-09-25 4.3 CVE-2024-8437 security@wordfence.com
  scottpaterson–Easy PayPal Events
  The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-09-25 4.3 CVE-2024-8476 security@wordfence.com
  farookibrahim–MAS Static Content
  The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages. 2024-09-25 4.3 CVE-2024-8483 security@wordfence.com
  themesflat–Themesflat Addons For Elementor
  The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts. 2024-09-25 4.3 CVE-2024-8516 security@wordfence.com
  wpchill–Download Monitor
  The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality. 2024-09-26 4.3 CVE-2024-8552 security@wordfence.com
  expresstech–quiz_and_survey_master
  The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-23 4.8 CVE-2024-8758 contact@wpscan.com
  icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
  The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘preview_email_template_design’ function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages. 2024-09-26 4.3 CVE-2024-8771 security@wordfence.com
  thehappymonster–Happy Addons for Elementor
  The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates. 2024-09-25 4.3 CVE-2024-8801 security@wordfence.com
  devitemsllc–HT Mega Absolute Addons For Elementor
  The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widgets/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. 2024-09-25 4.3 CVE-2024-8910 security@wordfence.com
  Mattermost–Mattermost
  Mattermost versions 9.10.x <= 9.10.1, 9.9.x <= 9.9.2, 9.5.x <= 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of. 2024-09-26 4.3 CVE-2024-9155 responsibledisclosure@mattermost.com
  HuankeMao–SCRM
  A vulnerability, which was classified as critical, has been found in HuankeMao SCRM up to 0.0.3. Affected by this issue is the function upload_domain_verification_file of the file WxkConfig.php of the component Administrator Backend. The manipulation of the argument domain_verification_file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-27 4.7 CVE-2024-9278 cna@vuldb.com
  kalvinGit–kvf-admin
  A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. 2024-09-27 4.7 CVE-2024-9280 cna@vuldb.com
  bg5sbk–MiniCMS
  A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. 2024-09-27 4.3 CVE-2024-9281 cna@vuldb.com
  bg5sbk–MiniCMS
  A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. 2024-09-27 4.3 CVE-2024-9282 cna@vuldb.com
  SourceCodester–Online Railway Reservation System
  A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /?page=tickets of the component Ticket Handler. The manipulation of the argument id leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 4.3 CVE-2024-9298 cna@vuldb.com
  SourceCodester–Online Railway Reservation System
  A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. This vulnerability affects unknown code of the file contact_us.php of the component Message Us Form. The manipulation of the argument fullname/email/message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-09-28 4.3 CVE-2024-9300 cna@vuldb.com
 


