Vulnerability Summary for the Week of September 30, 2024 | CISA

Medium-severity entries (CVSS 4.0–6.9). Each entry gives: Primary Vendor–Product; Description; Published date; CVSS score; CVE ID; Source & Patch Info contact.
GitLab–GitLab
  An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. 2024-10-01 6.6 CVE-2023-3441
cve@gitlab.com
  Kiteworks–OwnCloud
  Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header value to null, meaning that the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim. 2024-10-01 6.8 CVE-2023-7273
a341c0d1-ebf7-493f-a84e-38cf86618674
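The null-versus-empty-string check described in the Kiteworks OwnCloud entry above, modelled as an added example in Python. This is not OwnCloud or Kiteworks code; the header names, the rewrite rule and the session token are assumptions made for illustration.

```python
# Added example (not OwnCloud or Kiteworks code): models the CSRF-check
# pattern described in the advisory. Header names, the rewrite rule and the
# session token are assumptions made for illustration.
import hmac
import secrets


def apply_rewrite_rule(headers: dict) -> dict:
    """Front-end rewrite rule (assumed): materialise a missing Authorization
    header as an empty string before the request reaches the application."""
    rewritten = dict(headers)
    rewritten.setdefault("Authorization", "")
    return rewritten


def needs_csrf_check_vulnerable(headers: dict) -> bool:
    """Original pattern: only requests whose Authorization header is *null*
    are treated as browser (cookie) requests that need a CSRF token. Anything
    else is assumed to be an API client presenting its own credential, so the
    rewritten empty string makes every cookie-authenticated request skip it."""
    return headers.get("Authorization") is None


def needs_csrf_check_fixed(headers: dict) -> bool:
    """Hardened: an absent header and a blank header mean the same thing,
    so the CSRF check applies to both."""
    auth = headers.get("Authorization")
    return auth is None or auth.strip() == ""


def authorize(headers: dict, session_csrf_token: str,
              needs_csrf_check=needs_csrf_check_fixed) -> bool:
    """Return True if the request may proceed. API calls are assumed to be
    authenticated by their Authorization credential elsewhere; this function
    only decides whether the anti-CSRF token must be present and correct."""
    if needs_csrf_check(headers):
        supplied = headers.get("X-CSRF-Token", "")
        # constant-time comparison so the token cannot be guessed byte by byte
        return hmac.compare_digest(supplied, session_csrf_token)
    return True


def demo() -> dict:
    """Constructed requests: the victim's browser sends the session cookie,
    and a cross-site form post cannot set a real Authorization header or
    read the per-session CSRF token."""
    token = secrets.token_hex(16)
    forged = apply_rewrite_rule({"Cookie": "sid=victim-session"})
    legit = apply_rewrite_rule({"Cookie": "sid=victim-session",
                                "X-CSRF-Token": token})
    api = {"Authorization": "Bearer api-token"}
    return {
        "forged_vulnerable": authorize(forged, token, needs_csrf_check_vulnerable),
        "forged_fixed": authorize(forged, token, needs_csrf_check_fixed),
        "legit_fixed": authorize(legit, token, needs_csrf_check_fixed),
        "api_fixed": authorize(api, token, needs_csrf_check_fixed),
    }


if __name__ == "__main__":
    print(demo())
```

The forged request passes the vulnerable check only because the rewrite rule turned "no header" into "", which the `is None` test reads as "credential present". The practical lesson is to treat the absence of a credential and a blank credential identically, and to keep the CSRF decision in one place so an upstream proxy cannot change its meaning.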
  Cisco–Cisco Unified Computing System (Managed)
  A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. This vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending crafted commands through the Redfish API on an affected device. A successful exploit could allow the attacker to elevate privileges to root. 2024-10-02 6.5 CVE-2024-20365
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. 2024-10-02 6.3 CVE-2024-20438
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensitive information. This vulnerability is due to the improper storage of sensitive information within config only and full backup files. An attacker could exploit this vulnerability by parsing the contents of a backup file that is generated from an affected device. A successful exploit could allow the attacker to access sensitive information, including NDFC-connected device credentials, the NDFC site manager private key, and the scheduled backup file encryption key. 2024-10-02 6.3 CVE-2024-20448
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. 2024-10-02 6.5 CVE-2024-20470
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view HTTP proxy server admin credentials in clear text that are configured on Nexus Dashboard to reach an external network. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. 2024-10-02 6.3 CVE-2024-20490
ykramarz@cisco.com
  Cisco–Cisco Nexus Dashboard Insights
  A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file. An attacker could exploit this vulnerability by accessing a tech support file that is generated from an affected system. A successful exploit could allow the attacker to view remote controller admin credentials in clear text. Note: Best practice is to store debug logs and tech support files safely and to share them only with trusted parties because they may contain sensitive information. 2024-10-02 6.3 CVE-2024-20491
ykramarz@cisco.com
  Cisco–Cisco TelePresence Video Communication Server (VCS) Expressway
  A vulnerability in the restricted shell of Cisco Expressway Series could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have Administrator-level credentials with read-write privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a series of crafted CLI commands. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of the affected device. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. 2024-10-02 6 CVE-2024-20492
ykramarz@cisco.com
  Cisco–Cisco Identity Services Engine Software
  A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. 2024-10-02 6.5 CVE-2024-20515
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20516
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20517
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20518
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20519
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20520
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. 2024-10-02 6.5 CVE-2024-20521
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.5 CVE-2024-20522
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20523
ykramarz@cisco.com
  Cisco–Cisco Small Business RV Series Router Firmware
  A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. This vulnerability is due to improper validation of user input in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. 2024-10-02 6.8 CVE-2024-20524
ykramarz@cisco.com
  Esri–Portal
  There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 6.1 CVE-2024-25691
psirt@esri.com
  n/a–n/a
  An issue was discovered in Infinera hiT 7300 5.60.50. Cleartext storage of sensitive information in the memory of the @CT desktop management application allows guest OS administrators to obtain various users’ passwords by accessing memory dumps of the desktop application. 2024-09-30 6.5 CVE-2024-28807
cve@mitre.org
  n/a–n/a
  An issue was discovered in Infinera hiT 7300 5.60.50. Sensitive information inside diagnostic files (exported by the @CT application) allows an attacker to achieve loss of confidentiality by analyzing these files. 2024-09-30 6.6 CVE-2024-28810
cve@mitre.org
  Schneider Elektronik–Series 700
  An unauthenticated remote attacker may use the device's traffic capture function, which requires no authentication, to grab plaintext administrative credentials. 2024-10-02 6.5 CVE-2024-35294
info@cert.vde.com
  Esri–Portal
  There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. 2024-10-04 6.1 CVE-2024-38037
psirt@esri.com
  Esri–Portal
  There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 6.1 CVE-2024-38038
psirt@esri.com
  TECHNO SUPPORT COMPANY–Smart-tab Android app
  Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an attacker with physical access to the device may exploit the debug function to gain access to the OS functions, escalate the privilege, change the device’s settings, or spoof devices in other rooms. 2024-09-30 6.8 CVE-2024-41999
vultures@jpcert.or.jp
  Trustmary–Review & testimonial widgets
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Trustmary Review & testimonial widgets allows Stored XSS. This issue affects Review & testimonial widgets: from n/a through 1.0.5. 2024-10-06 6.5 CVE-2024-44022
audit@patchstack.com
  NicheAddons–Medical Addon for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Medical Addon for Elementor allows Stored XSS. This issue affects Medical Addon for Elementor: from n/a through 1.4. 2024-10-06 6.5 CVE-2024-44024
audit@patchstack.com
  Nicejob–NiceJob
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5. 2024-10-06 6.5 CVE-2024-44025
audit@patchstack.com
  NicheAddons–Charity Addon for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Charity Addon for Elementor allows Stored XSS. This issue affects Charity Addon for Elementor: from n/a through 1.3.0. 2024-10-06 6.5 CVE-2024-44026
audit@patchstack.com
  TemeGUM–Gum Elementor Addon
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.6. 2024-10-06 6.5 CVE-2024-44027
audit@patchstack.com
  NicheAddons–Restaurant & Cafe Addon for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS. This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.5. 2024-10-06 6.5 CVE-2024-44032
audit@patchstack.com
  NicheAddons–Primary Addon for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7. 2024-10-06 6.5 CVE-2024-44033
audit@patchstack.com
  TemeGUM–Gum Elementor Addon
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7. 2024-10-06 6.5 CVE-2024-44035
audit@patchstack.com
  n/a–n/a
  In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the “Wireless Play” (or “LAN Play”) menu from the game’s title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim’s console. This enables a remote attacker to obtain complete denial-of-service on the game’s process, or potentially, remote code execution on the victim’s console. The issue is caused by incorrect use of the Nintendo Pia library, 2024-09-30 6.3 CVE-2024-45200
cve@mitre.org
  Sonarr–Sonarr
  Sonarr – CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) 2024-10-06 6.1 CVE-2024-45247
cna@cyber.gov.il
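Both the Esri Portal for ArcGIS entry (CVE-2024-38037) and the Sonarr entry (CVE-2024-45247) are open-redirect issues. The check below is an added example in Python of a redirect-target allow-list of the kind that closes this class; it is not code from either project, and the allowed host and the sample targets are constructed for illustration.

```python
# Added example (not Esri or Sonarr code): a redirect-target allow-list check
# for the unvalidated-redirect class. The allowed host and sample targets are
# assumptions constructed for illustration.
from urllib.parse import urlsplit


def is_safe_redirect(target: str, allowed_host: str) -> bool:
    """Accept only a local absolute path or an http(s) URL on allowed_host.

    Rejects the usual bypasses: scheme-relative "//evil", backslash variants
    that browsers normalise to "/", "https:evil" with no authority, userinfo
    tricks like "https://good@evil", non-http schemes and embedded whitespace.
    """
    if not target:
        return False
    if any(ch in target for ch in "\r\n\t \x00"):
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so normalise before parsing
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:          # e.g. malformed IPv6 literal "http://[::1"
        return False
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # hostname is None for "https:evil.example" (no authority) and is
        # already lower-cased by urlsplit otherwise
        return parts.hostname is not None and parts.hostname == allowed_host.lower()
    if parts.netloc:            # "//evil.example/..." is scheme-relative
        return False
    # A relative target must have exactly one leading slash; "///evil.example"
    # is resolved by browsers as an authority, so refuse a double slash
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target: str, allowed_host: str, fallback: str = "/") -> str:
    """Where to send the user after login: the requested target if it passes
    the allow-list, otherwise a fixed local page."""
    return target if is_safe_redirect(target, allowed_host) else fallback


if __name__ == "__main__":
    host = "portal.example.com"            # constructed
    for t in ("/home", "//evil.example/", "https:evil.example",
              "https://portal.example.com@evil.example/"):
        print(f"{t!r:45} -> {resolve_redirect(t, host)!r}")
```

The port is deliberately not compared, so `http://portal.example.com:8080/` would pass; compare `parts.port` as well if the application is pinned to one port. The simplest safe alternative, where the application allows it, is to never redirect to a user-supplied URL at all and map a short key to a fixed internal path instead.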
  n/a–n/a
  Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. 2024-10-03 6.5 CVE-2024-45870
cve@mitre.org
  n/a–n/a
  Bandisoft BandiView 7.05 has an Incorrect Access Control issue in sub_0x232bd8 resulting in denial of service (DoS). 2024-10-03 6.3 CVE-2024-45871
cve@mitre.org
  n/a–n/a
  Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. 2024-10-03 6.3 CVE-2024-45872
cve@mitre.org
  n/a–n/a
  Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. 2024-09-30 6.5 CVE-2024-45993
cve@mitre.org
  n/a–n/a
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. 2024-10-01 6.1 CVE-2024-46079
cve@mitre.org
  n/a–n/a
  A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use the remote file download and self-extract functions to upload webshells to the target server, thereby obtaining system privileges. 2024-09-30 6.3 CVE-2024-46540
cve@mitre.org
  n/a–n/a
  TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack. 2024-09-30 6.3 CVE-2024-46548
cve@mitre.org
  FreePBX–security-reporting
  OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4. 2024-10-01 6.8 CVE-2024-47071
security-advisories@github.com
  BoldThemes–Bold Page Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.1.1. 2024-10-06 6.5 CVE-2024-47298
audit@patchstack.com
  Essential Plugin–Meta slider and carousel with lightbox
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Essential Plugin Meta slider and carousel with lightbox allows Stored XSS. This issue affects Meta slider and carousel with lightbox: from n/a through 2.0.1. 2024-10-06 6.5 CVE-2024-47307
audit@patchstack.com
  Condless–Cities Shipping Zones for WooCommerce
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Condless Cities Shipping Zones for WooCommerce allows PHP Local File Inclusion. This issue affects Cities Shipping Zones for WooCommerce: from n/a through 1.2.7. 2024-10-05 6.6 CVE-2024-47309
audit@patchstack.com
  ARI Soft–ARI Fancy Lightbox
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ARI Soft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through 1.3.17. 2024-10-06 6.5 CVE-2024-47310
audit@patchstack.com
  QuomodoSoft–ElementsReady Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.0. 2024-10-06 6.5 CVE-2024-47329
audit@patchstack.com
  wowDevs–Sky Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 2.5.11. 2024-10-06 6.5 CVE-2024-47332
audit@patchstack.com
  PickPlugins–Post Grid and Gutenberg Blocks
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Stored XSS. This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.2.89. 2024-10-06 6.5 CVE-2024-47340
audit@patchstack.com
  PickPlugins–Accordion
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in PickPlugins Accordion accordions allows Stored XSS. This issue affects Accordion: from n/a through 2.2.99. 2024-10-06 6.5 CVE-2024-47342
audit@patchstack.com
  Kraftplugins–Mega Elements
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a through 1.2.4. 2024-10-06 6.5 CVE-2024-47343
audit@patchstack.com
  CozyThemes–Cozy Blocks
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS. This issue affects Cozy Blocks: from n/a through 2.0.11. 2024-10-06 6.5 CVE-2024-47355
audit@patchstack.com
  Leevio–Happy Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leevio Happy Addons for Elementor allows Stored XSS. This issue affects Happy Addons for Elementor: from n/a through 3.12.0. 2024-10-06 6.5 CVE-2024-47357
audit@patchstack.com
  Blockspare–Blockspare
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Blockspare allows Stored XSS. This issue affects Blockspare: from n/a through 3.2.4. 2024-10-06 6.5 CVE-2024-47363
audit@patchstack.com
  Move addons–Move Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Move addons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.4. 2024-10-06 6.5 CVE-2024-47364
audit@patchstack.com
  Atakan Au–Automatically Hierarchic Categories in Menu
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5. 2024-10-06 6.5 CVE-2024-47365
audit@patchstack.com
  WPVibes–Elementor Addon Elements
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6. 2024-10-06 6.5 CVE-2024-47366
audit@patchstack.com
  Leap13–Premium Blocks Gutenberg Blocks for WordPress
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33. 2024-10-06 6.5 CVE-2024-47368
audit@patchstack.com
  Paul Bearne–Author Avatars List/Block
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS. This issue affects Author Avatars List/Block: from n/a through 2.1.21. 2024-10-05 6.5 CVE-2024-47370
audit@patchstack.com
  LiteSpeed Technologies–LiteSpeed Cache
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 6.5.0.2. 2024-10-05 6.5 CVE-2024-47373
audit@patchstack.com
  Ashraf–XLTab Accordions and Tabs for Elementor Page Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Ashraf XLTab – Accordions and Tabs for Elementor Page Builder allows Stored XSS. This issue affects XLTab – Accordions and Tabs for Elementor Page Builder: from n/a through 1.3. 2024-10-05 6.5 CVE-2024-47375
audit@patchstack.com
  Webvitaly–Page-list
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webvitaly Page-list allows Stored XSS. This issue affects Page-list: from n/a through 5.6. 2024-10-05 6.5 CVE-2024-47382
audit@patchstack.com
  WPDeveloper–Essential Blocks for Gutenberg
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.4. 2024-10-05 6.5 CVE-2024-47385
audit@patchstack.com
  Jegtheme–Jeg Elementor Kit
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS. This issue affects Jeg Elementor Kit: from n/a through 2.6.8. 2024-10-05 6.5 CVE-2024-47390
audit@patchstack.com
  BoldThemes–Bold Page Builder
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a before 5.1.1. 2024-10-05 6.5 CVE-2024-47391
audit@patchstack.com
  BdThemes–Element Pack Elementor Addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Element Pack Elementor Addons allows Stored XSS. This issue affects Element Pack Elementor Addons: from n/a through 5.7.5. 2024-10-05 6.5 CVE-2024-47392
audit@patchstack.com
  Quillforms–Quill Forms
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Quillforms Quill Forms allows Stored XSS. This issue affects Quill Forms: from n/a through 3.7.0. 2024-10-05 6.5 CVE-2024-47393
audit@patchstack.com
  moveaddons–Move Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in moveaddons Move Addons for Elementor allows Stored XSS. This issue affects Move Addons for Elementor: from n/a through 1.3.3. 2024-10-01 6.5 CVE-2024-47396
audit@patchstack.com
  pomerium–pomerium
  Pomerium is an identity and context-aware access proxy. The Pomerium databroker service is responsible for managing all persistent Pomerium application state. Requests to the databroker service API are authorized by the presence of a JSON Web Token (JWT) signed by a key known by all Pomerium services in the same deployment. However, incomplete validation of this JWT meant that some service account access tokens would incorrectly be treated as valid for the purpose of databroker API authorization. Improper access to the databroker API could allow exfiltration of user info, spoofing of user sessions, or tampering with Pomerium routes, policies, and other settings. A Pomerium deployment is susceptible to this issue only if all of the following conditions are met: a service account access token has been issued using Pomerium Zero or Pomerium Enterprise, the access token has an explicit expiration date in the future, and the core Pomerium databroker gRPC API is not otherwise secured by network access controls. This vulnerability is fixed in 0.27.1. 2024-10-02 6.8 CVE-2024-47616
security-advisories@github.com
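  The failure mode in the Pomerium entry above is general: a service that accepts any JWT carrying a valid signature under the deployment-wide key will also accept tokens that were minted under that key for some other purpose, such as a service-account access token with a future expiry. The example below is added here and is not Pomerium's code. It builds HS256 JWTs with the Python standard library and contrasts a signature-plus-expiry check with one that additionally requires the token's aud claim to name the receiving service. The key, the audience names DATABROKER_AUD and SERVICE_ACCOUNT_AUD and the subjects are constructed for the example; Pomerium's real claim layout and the fix in 0.27.1 are its own.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Key shared by every service in the deployment (constructed for this example).
SHARED_KEY = b"example-shared-key-do-not-use-in-production"

# Hypothetical audience names; Pomerium's actual claim layout is not shown here.
DATABROKER_AUD = "databroker"
SERVICE_ACCOUNT_AUD = "zero-api"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict, key: bytes = SHARED_KEY) -> str:
    """Compact HS256 JWS over the claims, signed with the shared key."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_signature_only(token: str, key: bytes = SHARED_KEY,
                          now: Optional[float] = None) -> Optional[dict]:
    """The incomplete check: any unexpired token signed with the shared key is
    accepted, no matter which service or purpose it was issued for."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None
    if header.get("alg") != "HS256":          # refuse alg=none and key confusion
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims


def verify_for_audience(token: str, audience: str, key: bytes = SHARED_KEY,
                        now: Optional[float] = None) -> Optional[dict]:
    """Signature plus audience binding: the token must name this service in
    'aud'. A service-account token minted for another API is rejected here
    even though its signature is valid and its expiry lies in the future."""
    claims = verify_signature_only(token, key, now)
    if claims is None:
        return None
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        return None
    return claims


def sample_tokens(now: Optional[float] = None):
    """Two constructed tokens: one issued to the databroker's own callers and
    one service-account access token with an explicit future expiry."""
    now = time.time() if now is None else now
    internal = mint({"sub": "pomerium-proxy", "aud": [DATABROKER_AUD],
                     "exp": now + 3600})
    service_account = mint({"sub": "sa-ci-runner", "aud": [SERVICE_ACCOUNT_AUD],
                            "exp": now + 86400})
    return internal, service_account


if __name__ == "__main__":
    internal, sa = sample_tokens()
    print("signature-only accepts service account:",
          verify_signature_only(sa) is not None)
    print("audience-bound accepts service account:",
          verify_for_audience(sa, DATABROKER_AUD) is not None)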
  sulu–sulu
  Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially allow attackers to steal sensitive information, manipulate the website’s content, or perform actions on behalf of the victim. This vulnerability is fixed in 2.6.5 and 2.5.21. 2024-10-03 6.1 CVE-2024-47617
security-advisories@github.com
  Katie Seaborn–Zotpress
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Katie Seaborn Zotpress allows Stored XSS. This issue affects Zotpress: from n/a through 7.3.10. 2024-10-05 6.5 CVE-2024-47621
audit@patchstack.com
  ILLID–Advanced Woo Labels
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.01. 2024-10-05 6.5 CVE-2024-47622
audit@patchstack.com
  ThemeLooks–Enter Addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeLooks Enter Addons allows Stored XSS. This issue affects Enter Addons: from n/a through 2.1.8. 2024-10-05 6.5 CVE-2024-47625
audit@patchstack.com
  Rometheme–RomethemeKit For Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS. This issue affects RomethemeKit For Elementor: from n/a through 1.5.0. 2024-10-05 6.5 CVE-2024-47626
audit@patchstack.com
  WP Travel–WP Travel Gutenberg Blocks
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS. This issue affects WP Travel Gutenberg Blocks: from n/a through 3.6.0. 2024-10-05 6.5 CVE-2024-47627
audit@patchstack.com
  LA-Studio–LA-Studio Element Kit for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.3. 2024-10-05 6.5 CVE-2024-47628
audit@patchstack.com
  BdThemes–Ultimate Store Kit Elementor Addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Stored XSS. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.5. 2024-10-05 6.5 CVE-2024-47629
audit@patchstack.com
  ElementInvader–ElementInvader Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.7. 2024-10-05 6.5 CVE-2024-47630
audit@patchstack.com
  bPlugins LLC–Logo Carousel Clients logo carousel for WP
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in bPlugins LLC Logo Carousel – Clients logo carousel for WP allows Stored XSS. This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through 1.2. 2024-10-05 6.5 CVE-2024-47631
audit@patchstack.com
  deTheme–DethemeKit For Elementor
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in deTheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.7. 2024-10-05 6.5 CVE-2024-47632
audit@patchstack.com
  Zoho Forms–Zoho Forms
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Zoho Forms allows Stored XSS. This issue affects Zoho Forms: from n/a through 4.0. 2024-10-05 6.5 CVE-2024-47633
audit@patchstack.com
  VdoCipher–VdoCipher
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in VdoCipher allows Stored XSS. This issue affects VdoCipher: from n/a through 1.29. 2024-10-05 6.5 CVE-2024-47639
audit@patchstack.com
  WPDeveloperr–Confetti Fall Animation
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0. 2024-09-30 6.5 CVE-2024-47641
audit@patchstack.com
  Keap–Keap Official Opt-in Forms
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 2.0.1. 2024-10-05 6.5 CVE-2024-47642
audit@patchstack.com
  Alexander Böhm–Include Fussball.de Widgets
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Alexander Böhm Include Fussball.De Widgets allows Stored XSS. This issue affects Include Fussball.De Widgets: from n/a through 4.0.0. 2024-10-05 6.5 CVE-2024-47643
audit@patchstack.com
  Axton–WP-WebAuthn
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1. 2024-10-06 6.5 CVE-2024-47650
audit@patchstack.com
  Veritas–Data Insight
  An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject arbitrary web script into an HTTP request; the script is reflected back without sanitization and executes in the browser of an authenticated user who is induced to issue that request. 2024-10-04 6.1 CVE-2024-47854
cve@mitre.org
  SonarSource–SonarQube
  In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to perform blind SQL injection. 2024-10-04 6.7 CVE-2024-47911
cve@mitre.org
  zephyrproject-rtos–Zephyr
  In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. 2024-10-04 6.3 CVE-2024-6442
vulnerabilities@zephyrproject.org
  zephyrproject-rtos–Zephyr
  In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point one byte before the start of the string if the string is empty, an out-of-bounds access. 2024-10-04 6.3 CVE-2024-6443
vulnerabilities@zephyrproject.org
  zephyrproject-rtos–Zephyr
  The length of user input is not properly validated in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. 2024-10-04 6.3 CVE-2024-6444
vulnerabilities@zephyrproject.org
  Canonical Ltd.–Juju
  The Juju hook tool listens on an abstract UNIX domain socket. Abstract-namespace sockets carry no filesystem permissions and are reachable by every process in the same network namespace, so when this is combined with an attack on JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a Juju charm. 2024-10-02 6.5 CVE-2024-8037
security@ubuntu.com
  Revolution Slider–Slider Revolution
  The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors. 2024-10-01 6.4 CVE-2024-8107
security@wordfence.com
  Esri–Portal
  There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 – 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. 2024-10-04 6.1 CVE-2024-8148
psirt@esri.com
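  An unvalidated redirect of the kind described for Portal for ArcGIS above is usually the result of a check that is too loose ("starts with /", "contains our hostname"). The validator below is an added example, not Esri's code: it accepts only same-site paths or absolute http(s) URLs on an allowlisted host, and each rejection branch names the bypass it closes (scheme-relative //host, backslash-as-slash, userinfo@host, javascript: and other schemes, control characters). The allowed host portal.example.org and the fallback path are constructed for the example.

```python
from typing import Iterable
from urllib.parse import urlsplit

# Hosts this application may send users to (constructed for the example).
ALLOWED_HOSTS = {"portal.example.org"}
FALLBACK = "/"


def safe_redirect_target(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         fallback: str = FALLBACK) -> str:
    """Return target if it is a same-site path or an absolute http(s) URL on an
    allowed host; otherwise return fallback. Each rejection below corresponds
    to a trick that defeats naive 'starts with /' or 'contains our domain' checks."""
    if not target:
        return fallback
    # Browsers strip tab/newline inside a URL, so "java\tscript:" still runs;
    # refuse control characters instead of trying to normalise them away.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return fallback
    # Browsers treat a backslash like a slash in the authority, urlsplit does not:
    # "/\evil.example" becomes scheme-relative to evil.example once rendered.
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback                      # javascript:, data:, vbscript:, ...
    if parts.netloc:
        if not parts.scheme:
            return fallback                  # "//evil.example/..." (scheme-relative)
        host = (parts.hostname or "").lower()
        # hostname already drops userinfo and port, so "portal.example.org@evil.example"
        # resolves to evil.example and fails this membership test.
        if host not in {h.lower() for h in allowed_hosts}:
            return fallback
        return normalized
    # Relative target: exactly one leading slash. "///evil.example" has an empty
    # authority for urlsplit but a real host for browsers, so it is rejected too.
    if not normalized.startswith("/") or normalized.startswith("//"):
        return fallback
    return normalized


if __name__ == "__main__":
    for candidate in ["/dashboard", "//evil.example/x", "/\\evil.example",
                      "https://portal.example.org/home",
                      "https://portal.example.org@evil.example/",
                      "javascript:alert(1)", "///evil.example"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

  The safe default is to return the fallback rather than raise: a login flow should land the user somewhere harmless instead of failing on a hostile next parameter.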
  Faronics–DeepFreeze
  Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver. 2024-10-03 6.4 CVE-2024-8159
help@fluidattacks.com
  vowelweb–Ibtana WordPress Website Builder
  The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:ive/ive-productscarousel’ Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-02 6.4 CVE-2024-8282
security@wordfence.com
  adreastrian–Guten Post Layout An Advanced Post Grid Collection for WordPress Gutenberg
  The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the ‘wp:guten-post-layout/post-grid’ Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8288
security@wordfence.com
  ishitaka–XO Slider
  The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8324
security@wordfence.com
  PLANET Technology–GS-4210-24P2S firmware
  Certain switch models from PLANET Technology have a hard-coded credential in the password recovery functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user’s password. 2024-09-30 6.8 CVE-2024-8449
twcert@cert.org.tw
  averta–Shortcodes and extra features for Phlox theme
  The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-05 6.4 CVE-2024-8486
security@wordfence.com
  connekthq–WordPress Infinite Scroll Ajax Load More
  The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-02 6.4 CVE-2024-8505
security@wordfence.com
  ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
  The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘um_loggedin’ shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-8519
security@wordfence.com
  cagdasdag–KB Support WordPress Help Desk and Knowledge Base
  The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the ‘kbs_ajax_load_front_end_replies’ and ‘kbs_ajax_mark_reply_as_read’ functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read. 2024-10-01 6.5 CVE-2024-8632
security@wordfence.com
  daveshine–Gravity Forms Toolbar
  The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8718
security@wordfence.com
  rumbletalk–RumbleTalk Live Group Chat HTML5
  The RumbleTalk Live Group Chat – HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘rumbletalk-admin-button’ shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8720
security@wordfence.com
  torstenbulk–DK PDF
  The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8727
security@wordfence.com
  brianbrey–Easy Load More
  The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8728
security@wordfence.com
  bitpressadmin–Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress
  The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. 2024-10-05 6.8 CVE-2024-8743
security@wordfence.com
  brochris–Auto Featured Image from Title
  The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8786
security@wordfence.com
  jkohlbach–Store Exporter for WooCommerce Export Products, Export Orders, Export Subscriptions, and More
  The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8793
security@wordfence.com
  ghuger–Custom Banners
  The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-8799
security@wordfence.com
  sanrl–RabbitLoader Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more
  The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-8800
security@wordfence.com
  cliogrow–Clio Grow
  The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-8802
security@wordfence.com
  dartiss–Code Embed
  The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-8804
security@wordfence.com
  iworks–PWA easy way to Progressive Web App
  The PWA – easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-02 6.4 CVE-2024-8967
security@wordfence.com
  galdub–Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials
  The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8989
security@wordfence.com
  cyberhobo–Geo Mashup
  The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-01 6.4 CVE-2024-8990
security@wordfence.com
  grandplugins–AVIF Uploader
  The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9060
security@wordfence.com
  sigmadevs–Easy Demo Importer A Modern One-Click Demo Import Solution
  The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9071
security@wordfence.com
  ManageEngine–Analytics Plus
  Zohocorp ManageEngine Analytics Plus versions before 5410 and Zoho Analytics On-Premise versions before 5410 are vulnerable to Path traversal. 2024-10-03 6.5 CVE-2024-9100
0fc0942c-577d-436f-ae8e-945763c79b02
  quomodosoft–QS Dark Mode Plugin
  The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9118
security@wordfence.com
  automatic-rock–SVG Complete
  The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9119
security@wordfence.com
  rankmath–Rank Math SEO AI SEO Tools to Dominate SEO Rankings
  The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘update_metadata’ function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with ‘rank_math’, and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators. 2024-10-05 6.5 CVE-2024-9161
security@wordfence.com
  kraftplugins–Demo Importer Plus
  The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-02 6.4 CVE-2024-9172
security@wordfence.com
  nerdpressteam–Smart Custom 404 Error Page
  The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9204
security@wordfence.com
  cornelraiu-1–WP Search Analytics
  The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9209
security@wordfence.com
  dvankooten–MC4WP: Mailchimp Top Bar
  The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9210
security@wordfence.com
  wpblockart–Magazine Blocks Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid
  The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9218
security@wordfence.com
  shawfactor–LH Copy Media File
  The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9220
security@wordfence.com
  madalinungureanu–Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction
  The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9222
security@wordfence.com
  kau-boy–Hello World
  The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. 2024-10-01 6.5 CVE-2024-9224
security@wordfence.com
  rainbowgeek–SEOPress On-site SEO
  The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9225
security@wordfence.com
  joelcj91–Loggedin Limit Active Logins
  The Loggedin – Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present. 2024-10-01 6.1 CVE-2024-9228
security@wordfence.com
  wpcentrics–Fish and Ships Most flexible shipping table rate. A WooCommerce shipping rate
  The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9237
security@wordfence.com
  fishpie–PDF Image Generator
  The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9241
security@wordfence.com
  memberful–Memberful Membership Plugin
  The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘memberful_buy_subscription_link’ and ‘memberful_podcasts_link’ shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9242
security@wordfence.com
  optinhound–Easy WordPress Subscribe Optin Hound
  The Easy WordPress Subscribe – Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-01 6.1 CVE-2024-9267
security@wordfence.com
  cconover–Relogo
  The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9269
security@wordfence.com
  remydcf–Re:WP
  The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9271
security@wordfence.com
  mascotdevelopers–R Animated Icon Plugin
  The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9272
security@wordfence.com
  azexo–Elastik Page Builder
  The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9274
security@wordfence.com
  dgamoni–LocateAndFilter
  The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-01 6.4 CVE-2024-9304
security@wordfence.com
  thevisionofhamza–BerqWP Automated All-In-One PageSpeed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript
  The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9344
security@wordfence.com
  tychesoftwares–Product Delivery Date for WooCommerce Lite
  The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present. 2024-10-04 6.1 CVE-2024-9345
security@wordfence.com
  miunosoft–Auto Amazon Links Amazon Associates Affiliate Plugin
  The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9349
security@wordfence.com
  themes4wp–Popularis Extra
  The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9353
security@wordfence.com
  Red Hat–Red Hat Enterprise Linux 8
  A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. 2024-10-01 6.5 CVE-2024-9355
secalert@redhat.com
  migumello–Aggregator Advanced Settings
  The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9368
security@wordfence.com
  wpblockshub–WP Blocks Hub
  The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-04 6.4 CVE-2024-9372
security@wordfence.com
  contact-banker–WordPress Captcha Plugin by Captcha Bank
  The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9375
security@wordfence.com
  icopydoc–YML for Yandex Market
  The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-02 6.1 CVE-2024-9378
security@wordfence.com
  algoritmika–Quantity Dynamic Pricing & Bulk Discounts for WooCommerce
  The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9384
security@wordfence.com
  themifyme–Themify Builder
  The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-05 6.1 CVE-2024-9385
security@wordfence.com
  hashthemes–Hash Form Drag & Drop Form Builder
  The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the ‘handleUpload’ function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the ‘allowedExtensions’ and ‘unallowed_extensions’ arrays on the affected site’s server, including files that may contain cross-site scripting. 2024-10-05 6.1 CVE-2024-9417
security@wordfence.com
  prontotools–Login Logout Shortcode
  The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9421
security@wordfence.com
  code-projects–Restaurant Reservation System
  A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “from” to be affected. But it must be assumed that parameter “to” is affected as well. 2024-10-02 6.3 CVE-2024-9429
cna@vuldb.com
  plainware–ShiftController Employee Shift Scheduling
  The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 6.1 CVE-2024-9435
security@wordfence.com
  acekyd–Display Medium Posts
  The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-04 6.4 CVE-2024-9445
security@wordfence.com
  guillaume-lostweb–WP Cleanup and Basic Functions
  The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-10-05 6.4 CVE-2024-9455
security@wordfence.com
  ESAFENET–CDG
  A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /MultiServerBackService?path=1. The manipulation of the argument fileId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-10-05 6.3 CVE-2024-9536
cna@vuldb.com
  ESAFENET–CDG
  A vulnerability was found in ESAFENET CDG V5. It has been rated as critical. Affected by this issue is the function delCatelogs of the file /CDGServer3/document/Catelogs;logindojojs?command=DelCatelogs. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-10-06 6.3 CVE-2024-9560
cna@vuldb.com
  Cisco–Cisco Nexus Dashboard Orchestrator
  A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature validates the certificates for Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud Network Controller (CNC), and Cisco Nexus Dashboard only when a new site is added or an existing one is reregistered. An attacker could exploit this vulnerability by using machine-in-the-middle techniques to intercept the traffic between the affected device and Cisco NDO and then using a crafted certificate to impersonate the affected device. A successful exploit could allow the attacker to learn sensitive information during communications between these devices. 2024-10-02 5.9 CVE-2024-20385
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. 2024-10-02 5.7 CVE-2024-20441
ykramarz@cisco.com
  Cisco–Cisco Nexus Dashboard
  A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions such as viewing portions of the web UI, generating config only or full backup files, and deleting tech support files. This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface. 2024-10-02 5.4 CVE-2024-20442
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of command arguments. An attacker could exploit this vulnerability by submitting crafted command arguments to a specific REST API endpoint. A successful exploit could allow the attacker to overwrite sensitive files or crash a specific container, which would restart on its own, causing a low-impact denial of service (DoS) condition. 2024-10-02 5.5 CVE-2024-20444
ykramarz@cisco.com
  Cisco–Cisco Data Center Network Manager
  A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface. 2024-10-02 5.4 CVE-2024-20477
ykramarz@cisco.com
  Cisco–Cisco Meraki MX Firmware
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vulnerability is due to insufficient resource management when establishing TLS/SSL sessions. An attacker could exploit this vulnerability by sending a series of crafted TLS/SSL messages to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 5.8 CVE-2024-20500
ykramarz@cisco.com
  Cisco–Cisco Meraki MX Firmware
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishing SSL VPN sessions. An attacker could exploit this vulnerability by sending a series of crafted HTTPS requests to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to stop accepting new connections, preventing new SSL VPN connections from being established. Existing SSL VPN sessions are not impacted. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. 2024-10-02 5.8 CVE-2024-20502
ykramarz@cisco.com
  Cisco–Cisco Meraki MX Firmware
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for individual users of the AnyConnect VPN service on an affected device. This vulnerability is due to weak entropy for handlers that are used during the VPN authentication process as well as a race condition that exists in the same process. An attacker could exploit this vulnerability by correctly guessing an authentication handler and then sending crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to take over the AnyConnect VPN session from a target user or prevent the target user from establishing an AnyConnect VPN session with the affected device. 2024-10-02 5.8 CVE-2024-20509
ykramarz@cisco.com
  Cisco–Cisco Meraki MX Firmware
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate. 2024-10-02 5.8 CVE-2024-20513
ykramarz@cisco.com
  n/a–git-shallow-clone
  All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. 2024-10-01 5.3 CVE-2024-21531
report@snyk.io
  n/a–n/a
  A cross-site scripting (XSS) vulnerability has been identified in Flatpress 1.3. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. 2024-10-02 5.4 CVE-2024-33210
cve@mitre.org
  Esri–Portal
  There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). 2024-10-04 5.4 CVE-2024-38039
psirt@esri.com
  draytek — vigor3910_firmware
  Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. 2024-10-03 5.4 CVE-2024-41587
cve@mitre.org
  Catch Themes–Full frame
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Full frame allows Stored XSS. This issue affects Full frame: from n/a through 2.7.2. 2024-10-06 5.1 CVE-2024-44010
audit@patchstack.com
  Pierre Lebedel–Kodex Posts likes
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. 2024-10-06 5.9 CVE-2024-44036
audit@patchstack.com
  MagePeople Team–Multipurpose Ticket Booking Manager
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2. 2024-10-06 5.9 CVE-2024-44037
audit@patchstack.com
  WP Travel–WP Travel
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1. 2024-10-06 5.9 CVE-2024-44039
audit@patchstack.com
  Plainware–ShiftController Employee Shift Scheduling
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64. 2024-10-06 5.9 CVE-2024-44040
audit@patchstack.com
  Martin Gibson–IdeaPush
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66. 2024-10-06 5.9 CVE-2024-44041
audit@patchstack.com
  Fahad Mahmood–WP Datepicker
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1. 2024-10-06 5.9 CVE-2024-44042
audit@patchstack.com
  10Web–Photo Gallery by 10Web
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. 2024-10-06 5.9 CVE-2024-44043
audit@patchstack.com
  Kevon Adonis–WP Abstracts
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5. 2024-10-06 5.9 CVE-2024-44045
audit@patchstack.com
  Themify–Themify WooCommerce Product Filter
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. 2024-10-06 5.9 CVE-2024-44046
audit@patchstack.com
  apple — ipados
  A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user’s saved passwords may be read aloud by VoiceOver. 2024-10-04 5.5 CVE-2024-44204
product-security@apple.com
  n/a–n/a
  PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. 2024-10-01 5.6 CVE-2024-44610
cve@mitre.org
  n/a–n/a
  An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. 2024-10-01 5.7 CVE-2024-44744
cve@mitre.org
  n/a–n/a
  A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in the “Intrest” feature. 2024-09-30 5.4 CVE-2024-45920
cve@mitre.org
  n/a–n/a
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. 2024-10-01 5.4 CVE-2024-46081
cve@mitre.org
  n/a–n/a
  Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. 2024-10-01 5.4 CVE-2024-46082
cve@mitre.org
  n/a–n/a
  Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user’s account on the platform. It is important to note that regular users can trigger actions for administrator users. 2024-10-01 5.4 CVE-2024-46083
cve@mitre.org
  cvat-ai–cvat
  Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue. 2024-09-30 5.4 CVE-2024-47172
security-advisories@github.com
  SeedProd–Coming Soon Page, Under Construction & Maintenance Mode by SeedProd
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4. 2024-10-06 5.9 CVE-2024-47299
audit@patchstack.com
  Catch Themes–Catch Base
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Catch Base allows Stored XSS. This issue affects Catch Base: from n/a through 3.4.6. 2024-10-06 5.1 CVE-2024-47313
audit@patchstack.com
  Vladimir Statsenko–Terms descriptions
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Vladimir Statsenko Terms descriptions allows Stored XSS. This issue affects Terms descriptions: from n/a through 3.4.6. 2024-10-06 5.9 CVE-2024-47336
audit@patchstack.com
  Brainstorm Force–Starter Templates
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Brainstorm Force Starter Templates allows Stored XSS. This issue affects Starter Templates: from n/a through 4.4.0. 2024-10-06 5.9 CVE-2024-47345
audit@patchstack.com
  Catch Themes–Create
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Catch Themes Create allows Stored XSS. This issue affects Create: from n/a through 2.9.1. 2024-10-06 5.1 CVE-2024-47356
audit@patchstack.com
  Walter Pinem–WP MyLinks
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Walter Pinem WP MyLinks allows Stored XSS. This issue affects WP MyLinks: from n/a through 1.0.6. 2024-10-05 5.9 CVE-2024-47371
audit@patchstack.com
  ThemeNcode LLC–TNC PDF viewer
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0. 2024-10-05 5.9 CVE-2024-47372
audit@patchstack.com
  Tribulant–Slideshow Gallery
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tribulant Slideshow Gallery allows Stored XSS. This issue affects Slideshow Gallery: from n/a through 1.8.3. 2024-10-05 5.9 CVE-2024-47376
audit@patchstack.com
  ThemeKraft–BuddyForms
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ThemeKraft BuddyForms allows Stored XSS. This issue affects BuddyForms: from n/a through 2.8.12. 2024-10-05 5.9 CVE-2024-47377
audit@patchstack.com
  Averta–Depicter Slider
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Averta Depicter Slider allows Stored XSS. This issue affects Depicter Slider: from n/a through 3.2.2. 2024-10-05 5.9 CVE-2024-47381
audit@patchstack.com
  Webangon–The Pack Elementor addons
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.0.8.8. 2024-10-05 5.9 CVE-2024-47383
audit@patchstack.com
  LinkGraph–Search Atlas SEO
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in LinkGraph Search Atlas SEO allows Stored XSS. This issue affects Search Atlas SEO: from n/a through 1.8.2. 2024-10-05 5.9 CVE-2024-47387
audit@patchstack.com
  librenms–librenms
  LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with the “admin” role can set the background for a custom map, which allows the upload of an SVG file that can contain an XSS payload that triggers on load. This leads to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0. 2024-10-01 5.4 CVE-2024-47528
security-advisories@github.com
security-advisories@github.com
  Clinical-Genomics–scout
  Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows performing phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. 2024-09-30 5.4 CVE-2024-47530
security-advisories@github.com
security-advisories@github.com
  GhozyLab, Inc.–Gallery Lightbox
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in GhozyLab, Inc. Gallery Lightbox allows Stored XSS. This issue affects Gallery Lightbox: from n/a through 1.0.0.39. 2024-10-05 5.9 CVE-2024-47623
audit@patchstack.com
  TinyPNG–TinyPNG
  Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This issue affects TinyPNG: from n/a through 3.4.3. 2024-10-05 5.4 CVE-2024-47635
audit@patchstack.com
  HelpieWP–Accordion & FAQ Helpie WordPress Accordion FAQ Plugin
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin: from n/a through 1.27. 2024-10-05 5.9 CVE-2024-47647
audit@patchstack.com
  backstage–backstage
  Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, was unexpectedly ignoring the visibility defined in the configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration. 2024-10-03 5.8 CVE-2024-47762
security-advisories@github.com
security-advisories@github.com
  Unknown–Starbox
  The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user’s profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks. 2024-09-30 5.4 CVE-2024-8239
contact@wpscan.com
  icegram–Email Subscribers by Icegram Express Email Marketing, Newsletters, Automation for WordPress & WooCommerce
  The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. 2024-10-02 5.4 CVE-2024-8254
security@wordfence.com
security@wordfence.com
security@wordfence.com
  spicethemes–Spice Starter Sites
  The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content. 2024-10-01 5.3 CVE-2024-8430
security@wordfence.com
security@wordfence.com
  planet — gs-4210-24p2s_firmware
  The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords. 2024-09-30 5.9 CVE-2024-8455
twcert@cert.org.tw
twcert@cert.org.tw
  NLnet Labs–Unbound
  NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. 2024-10-03 5.3 CVE-2024-8508
sep@nlnetlabs.nl
  ultimatemember–Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
  The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a user's membership status via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. 2024-10-04 5.3 CVE-2024-8520
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
  dotcamp — ultimate_blocks
  The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2024-09-30 5.4 CVE-2024-8536
contact@wpscan.com
  Red Hat–Red Hat Enterprise Linux 8
  A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. 2024-10-01 5.4 CVE-2024-9341
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
  n/a–ThingsBoard
  A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024. 2024-10-01 5.3 CVE-2024-9358
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
  Pluck CMS–Pluck CMS
  An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories. 2024-10-01 5.3 CVE-2024-9405
cve-coordination@incibe.es
  Ada Support–Ada.cx Sentry Component
  Ada.cx’s Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. 2024-10-04 5.3 CVE-2024-9410
vulnreport@tenable.com
  HP Inc.–Certain HP LaserJet Printers
  Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, potentially blocking queued print jobs. 2024-10-02 5.3 CVE-2024-9423
hp-security-alert@hp.com
  brian_voelker–slim_select
  Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker-executed JavaScript. At this time, no patch is available. 2024-10-02 5.4 CVE-2024-9440
disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com
  AVG/Avast–Antivirus
  An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9481
security@nortonlifelock.com
  AVG/Avast–Antivirus
  An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9482
security@nortonlifelock.com
  AVG/Avast–Antivirus
  A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing. 2024-10-04 5.1 CVE-2024-9483
security@nortonlifelock.com
  AVG/Avast–Antivirus
  A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing. 2024-10-04 5.1 CVE-2024-9484
security@nortonlifelock.com
  NVIDIA–Triton Inference Server
  NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. 2024-10-01 4.9 CVE-2024-0116
psirt@nvidia.com
  n/a–cocoon
  Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng. 2024-10-02 4.5 CVE-2024-21530
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
report@snyk.io
  Esri–Enterprise Web App Builder
  There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Layer Showcase application configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25694
psirt@esri.com
  Esri–Portal for ArcGIS Enterprise Experience Builder
  There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the Experience Builder Embed widget which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25701
psirt@esri.com
  Esri–ArcGIS Enterprise Web App Builder
  There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal. 2024-10-04 4.8 CVE-2024-25702
psirt@esri.com
  Esri–Portal
  There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 that allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in their own browser (Self XSS). A user cannot be phished into clicking a link to execute code. 2024-10-04 4.8 CVE-2024-25707
psirt@esri.com
  radiustheme — the_post_grid
  The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-30 4.8 CVE-2024-3635
contact@wpscan.com
  Esri–Portal for ArcGIS Enterprise Experience Builder
  There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 4.6 CVE-2024-38036
psirt@esri.com
  n/a–n/a
  DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. 2024-10-03 4.7 CVE-2024-41583
cve@mitre.org
cve@mitre.org
  n/a–n/a
  DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. 2024-10-03 4.7 CVE-2024-41584
cve@mitre.org
cve@mitre.org
  Hewlett Packard Enterprise–HPE IceWall Agent products
  A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a Cross-Site Request Forgery (CSRF) in the login flow. 2024-10-03 4.3 CVE-2024-42504
security-alert@hpe.com
  apple — ipados
  This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of audio before the microphone indicator is activated. 2024-10-04 4.3 CVE-2024-44207
product-security@apple.com
  IBM–WebSphere Application Server
  IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-09-30 4.8 CVE-2024-45073
psirt@us.ibm.com
  ZKteco–iClock v3.1-168
  ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor 2024-10-06 4.3 CVE-2024-45250
cna@cyber.gov.il
  n/a–n/a
  Zenario 9.7.61188 allows authenticated admin users to upload PDF files containing malicious code into the target system. If the PDF file is accessed through the website, it can trigger a Cross Site Scripting (XSS) attack. 2024-10-02 4.8 CVE-2024-45960
cve@mitre.org
  n/a–n/a
  October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target. 2024-10-02 4.7 CVE-2024-45962
cve@mitre.org
  n/a–n/a
  Zenario 9.7.61188 is vulnerable to Cross Site Scripting (XSS) in the Image library via the “Organizer tags” field. 2024-10-02 4.8 CVE-2024-45964
cve@mitre.org
  n/a–n/a
  Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted javascript to the target. 2024-10-02 4.7 CVE-2024-45965
cve@mitre.org
  n/a–n/a
  Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. 2024-10-01 4.7 CVE-2024-45967
cve@mitre.org
  n/a–n/a
  A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user’s browser via injecting a crafted payload. 2024-09-30 4.8 CVE-2024-46475
cve@mitre.org
  Salon Booking System–Salon booking system
  Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 10.9. 2024-10-05 4.3 CVE-2024-47316
audit@patchstack.com
  Clinical-Genomics–scout
  Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data, users unknowingly downloading and opening it may lead to the compromise of users’ devices or data. This vulnerability is fixed in 4.89. 2024-09-30 4.6 CVE-2024-47531
security-advisories@github.com
security-advisories@github.com
  Payflex–Payflex Payment Gateway
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payflex Payflex Payment Gateway. This issue affects Payflex Payment Gateway: from n/a through 2.6.1. 2024-10-05 4.7 CVE-2024-47646
audit@patchstack.com
  Esri–Portal
  There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. 2024-10-04 4.6 CVE-2024-8149
psirt@esri.com
  Unknown–Slider by 10Web
  The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-09-30 4.8 CVE-2024-8283
contact@wpscan.com
  planet — gs-4210-24p2s_firmware
  Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords. 2024-09-30 4.9 CVE-2024-8453
twcert@cert.org.tw
twcert@cert.org.tw
  planet — gs-4210-24p2s_firmware
  Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject arbitrary JavaScript, leading to Stored XSS attack. 2024-09-30 4.8 CVE-2024-8457
twcert@cert.org.tw
twcert@cert.org.tw
  planet — gs-4210-24p2s_firmware
  Certain switch models from PLANET Technology store SNMPv3 users’ passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials. 2024-09-30 4.9 CVE-2024-8459
twcert@cert.org.tw
twcert@cert.org.tw
  themehigh–Checkout Field Editor (Checkout Manager) for WooCommerce
  The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-10-04 4.7 CVE-2024-8499
security@wordfence.com
security@wordfence.com
security@wordfence.com
  soumettre–Soumettre.fr
  The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key. 2024-10-01 4.3 CVE-2024-8675
security@wordfence.com
security@wordfence.com
  James Low–CSS JS Files
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in James Low CSS JS Files allows Path Traversal. This issue affects CSS JS Files: from n/a through 1.5.0. 2024-10-05 4.9 CVE-2024-9146
audit@patchstack.com
  Linux and Microsoft Windows–Octopus Server
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affects Octopus Server: from 2024.1.0 before 2024.1.13038, from 2024.2.0 before 2024.2.9482, from 2024.3.0 before 2024.3.12766. 2024-09-30 4.3 CVE-2024-9194
security@octopus.com
  expressjs–express
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. 2024-10-03 4.7 CVE-2024-9266
36c7be3b-2937-45df-85ea-ca7133ea542c
  wpdevelop–WP Booking Calendar
  The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin’s settings which may extend this vulnerability to those users. 2024-10-04 4.4 CVE-2024-9306
security@wordfence.com
security@wordfence.com
  Red Hat–Red Hat Enterprise Linux 8
  A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. 2024-10-01 4.7 CVE-2024-9407
secalert@redhat.com
secalert@redhat.com
  techjewel–Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder
  The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-10-05 4.9 CVE-2024-9528
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
 


