Vulnerability Summary for the Week of November 25, 2024 | CISA


1000 Projects–Portfolio Management System MCA
  A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
  Published: 2024-11-26 | CVSS Score: 7.3 | CVE-2024-11744

1000 Projects–Portfolio Management System MCA
  A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-27 | CVSS Score: 7.3 | CVE-2024-11819

1000projects — beauty_parlour_management_system
  A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-25 | CVSS Score: 7.3 | CVE-2024-11646

1000projects — beauty_parlour_management_system
  A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-25 | CVSS Score: 7.3 | CVE-2024-11647

1000projects — beauty_parlour_management_system
  A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-25 | CVSS Score: 7.3 | CVE-2024-11648

1000projects — beauty_parlour_management_system
  A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-25 | CVSS Score: 7.3 | CVE-2024-11649

AbsolutePlugins–Absolute Addons For Elementor
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion. This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.
  Published: 2024-11-28 | CVSS Score: 7.5 | CVE-2024-52496

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point; malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the “cfg_cmd_set_eth_conf” operation.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50370

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point; malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the “wlan_scan” operation.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50371

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point; malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the “backup_config_to_utility” operation.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50372

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point; malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the “restore_config_from_utility” operation.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50373

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point; malicious commands are executed with root privileges. No authentication is enabled on the service, and the source of the vulnerability resides in the processing code associated with the “capture_packages” operation.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50374

Advantech–EKI-6333AC-2G
  A CWE-306 “Missing Authentication for Critical Function” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default “edgserver” service enabled on the access point.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-50375

Advantech–EKI-6333AC-2G
  A CWE-15 “External Control of System or Configuration Setting” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50358

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “scan_ap” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50359

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “snmp_apply” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50360

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “certificate_file_remove” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50361

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “connection_profile_apply” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50362

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “mp_apply” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50363

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “export_log” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50364

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “lan_apply” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50365

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “applications_apply” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50366

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “sta_log_htm” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50367

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “basic_htm” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50368

Advantech–EKI-6333AC-2G
  A CWE-78 “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability lies in multiple parameters belonging to the “multiple_ssid_htm” API which are not properly sanitized before being concatenated into OS-level commands.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-50369

Advantech–EKI-6333AC-2G
  A CWE-79 “Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)” vulnerability was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= v1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely by leveraging a rogue Wi-Fi access point with a malicious SSID.
  Published: 2024-11-26 | CVSS Score: 7.3 | CVE-2024-50376

Anzia–Ni WooCommerce Cost Of Goods
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
  Published: 2024-11-30 | CVSS Score: 7.6 | CVE-2024-53783

Apache Software Foundation–Apache Arrow R package
  Deserialization of untrusted data in the IPC and Parquet readers of the Apache Arrow R package, versions 4.0.0 through 16.1.0, allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This vulnerability only affects the arrow R package, not other Apache Arrow implementations or bindings, unless those bindings are used via the R package (for example, an R application that embeds a Python interpreter and uses PyArrow to read files from untrusted sources is still vulnerable if the arrow R package is an affected version). Users of the arrow R package are recommended to upgrade to 17.0.0 or later, which fixes the issue, and downstream libraries are recommended to raise their dependency requirement to arrow 17.0.0 or later. If an affected version must be used, untrusted data can be read into a Table and its internal to_data_frame() method used as a workaround (e.g., read_parquet(…, as_data_frame = FALSE)$to_data_frame()).
  Published: 2024-11-28 | CVSS Score: 9.8 | CVE-2024-52338

Apache Software Foundation–Apache NimBLE
  Out-of-bounds read vulnerability in Apache NimBLE. Missing validation of the HCI Number Of Completed Packets event could lead to out-of-bounds access when parsing the HCI event and an invalid read from HCI transport memory. This issue requires a broken or bogus Bluetooth controller, and thus the severity is considered low. This issue affects Apache NimBLE through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue.
  Published: 2024-11-26 | CVSS Score: 7.5 | CVE-2024-51569

Astoundify–Jobify – Job Board WordPress Theme
  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Astoundify Jobify – Job Board WordPress Theme allows Relative Path Traversal. This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3.
  Published: 2024-11-28 | CVSS Score: 7.5 | CVE-2024-52481

Automation Web Platform–Wawp
  Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass. This issue affects Wawp: from n/a before 3.0.18.
  Published: 2024-11-28 | CVSS Score: 9.8 | CVE-2024-52475

Axis Communications AB–AXIS Q6128-E PTZ Network Camera
  Florent Thiéry has found that selected Axis devices were vulnerable when handling certain Ethernet frames, which could lead to the Axis device becoming unavailable on the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and the solution.
  Published: 2024-11-26 | CVSS Score: 7.5 | CVE-2024-47257

Billion Electric–M100
  Certain models of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.
  Published: 2024-11-29 | CVSS Score: 8.6 | CVE-2024-11980

Billion Electric–M100
  Certain models of routers from Billion Electric have an Authentication Bypass vulnerability, allowing unauthenticated attackers to retrieve the contents of arbitrary web pages.
  Published: 2024-11-29 | CVSS Score: 7.5 | CVE-2024-11981

Billion Electric–M100
  Certain models of routers from Billion Electric have a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.
  Published: 2024-11-29 | CVSS Score: 7.2 | CVE-2024-11982

Billion Electric–M100
  Certain models of routers from Billion Electric have an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.
  Published: 2024-11-29 | CVSS Score: 7.2 | CVE-2024-11983

boldgrid–Total Upkeep WordPress Backup Plugin plus Restore & Migrate by BoldGrid
  The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
  Published: 2024-11-26 | CVSS Score: 7.2 | CVE-2024-9461

cleantalk–Security & Malware scan by CleanTalk
  The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries to existing queries, which can be used to extract sensitive information from the database.
  Published: 2024-11-26 | CVSS Score: 7.5 | CVE-2024-10570

cleantalk–Spam protection, Anti-Spam, FireWall by CleanTalk
  The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
  Published: 2024-11-26 | CVSS Score: 9.8 | CVE-2024-10542

cleantalk–Spam protection, Anti-Spam, FireWall by CleanTalk
  The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty-value check on the ‘api_key’ value in the ‘perform’ function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
  Published: 2024-11-26 | CVSS Score: 8.1 | CVE-2024-10781

code-projects–Concert Ticket Ordering System
  A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-28 | CVSS Score: 7.3 | CVE-2024-11970

code-projects–Simple Car Rental System
  A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-28 | CVSS Score: 7.3 | CVE-2024-11962

Codezips–E-Commerce Site
  A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-25 | CVSS Score: 7.3 | CVE-2024-11663

contest-gallery–Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery Upload, Vote, Sell via PayPal, Social Share Buttons
  The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users’ passwords, including administrators’, and leverage that to gain access to their accounts.
  Published: 2024-11-28 | CVSS Score: 9.8 | CVE-2024-11103

contiki-ng–contiki-ng
  Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936 and will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.
  Published: 2024-11-27 | CVSS Score: 8.3 | CVE-2024-41125

contiki-ng–contiki-ng
  Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request #2937 and will be included in the next release of Contiki-NG. Users are advised either to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.
  Published: 2024-11-27 | CVSS Score: 8.3 | CVE-2024-41126

contiki-ng–contiki-ng
  Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet contains an odd number of padding bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but it can potentially cause the system to crash. The problem has not been patched as of release 4.9, but the fix will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.
  Published: 2024-11-27 | CVSS Score: 7.5 | CVE-2024-47181

Cool Plugins–Cryptocurrency Widgets For Elementor
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4.
  Published: 2024-11-30 | CVSS Score: 8.1 | CVE-2024-53739

Cradlepoint–NetCloud Exchange Client
  The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. Full-control permissions were found to be granted to the ‘Everyone’ group (i.e. any user who has local access to the operating system, regardless of their privileges).
  Published: 2024-11-28 | CVSS Score: 8.8 | CVE-2024-11969

D-Link–DIR-605L
  A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-28 | CVSS Score: 8.8 | CVE-2024-11959

D-Link–DIR-605L
  A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
  Published: 2024-11-28 | CVSS Score: 8.8 | CVE-2024-11960

DapperDuckling–keycloak-connector
  @dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with Keycloak. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the authentication flow of the application. This issue arises due to improper sanitization of the URL parameters, allowing the URL bar’s contents to be injected and reflected into the HTML page. An attacker could craft a malicious URL to execute arbitrary JavaScript in the browser of a victim who visits the link. Any application utilizing this authentication library is vulnerable. Users of the application are at risk if they can be lured into clicking a crafted malicious link. The vulnerability has been patched in version 2.5.5 by ensuring proper sanitization and escaping of user input in the affected URL parameters. Users are strongly encouraged to upgrade. If upgrading is not immediately possible, users can implement one of the following workarounds: (1) employ a Web Application Firewall (WAF) to block malicious requests containing suspicious URL parameters, or (2) apply input validation and escaping directly within the application’s middleware or reverse proxy layer, specifically targeting the affected parameters.
  Published: 2024-11-26 | CVSS Score: 8.1 | CVE-2024-53843

Dell–Wyse Management Suite
  Dell Wyse Management Suite, versions WMS 4.4 and prior, contains an Authentication Bypass by Capture-replay vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
  Published: 2024-11-26 | CVSS Score: 7.6 | CVE-2024-49595

Dell–Wyse Management Suite
  Dell Wyse Management Suite, versions WMS 4.4 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass.
  Published: 2024-11-26 | CVSS Score: 7.6 | CVE-2024-49597

Eniture Technology–Distance Based Shipping Calculator
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.
  Published: 2024-11-28 | CVSS Score: 8.5 | CVE-2024-52495

Essential Marketer–Essential Breadcrumbs
  Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS. This issue affects Essential Breadcrumbs: from n/a through 1.1.1.
  Published: 2024-11-30 | CVSS Score: 7.1 | CVE-2024-53778

FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.–TELLUS
  There is an out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
  Published: 2024-11-28 | CVSS Score: 7.8 | CVE-2024-38389

FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.–V-Server
  There is an out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
  Published: 2024-11-28 | CVSS Score: 7.8 | CVE-2024-38658

FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.–V-SFT
  There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
  Published: 2024-11-28 | CVSS Score: 7.8 | CVE-2024-38309

GitLab–GitLab
  An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim’s Personal Access Token (PAT) to escalate privileges.
  Published: 2024-11-26 | CVSS Score: 8.2 | CVE-2024-8114

Google–Android
  In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: 2024-11-27 | CVSS Score: 8.4 | CVE-2017-13316

Google–Android
  In String16 of String16.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: 2024-11-27 | CVSS Score: 8.4 | CVE-2017-13323

Google–Android
  In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer over-read due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation.
  Published: 2024-11-27 | CVSS Score: 7.5 | CVE-2017-13319

Google–Android
  In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
  Published: 2024-11-28 | CVSS Score: 7.8 | CVE-2018-9374

Google–Chrome
  Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  Published: 2024-11-27 | CVSS Score: 8.8 | CVE-2024-7025

Hewlett Packard Enterprise (HPE)–HPE Insight Remote Support
  A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.
  Published: 2024-11-27 | CVSS Score: 9.8 | CVE-2024-53676

Hewlett Packard Enterprise (HPE)–HPE Insight Remote Support
  An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
  Published: 2024-11-26 | CVSS Score: 7.3 | CVE-2024-11622

Hewlett Packard Enterprise (HPE)–HPE Insight Remote Support
  An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
  Published: 2024-11-26 | CVSS Score: 7.3 | CVE-2024-53674

Hewlett Packard Enterprise (HPE)–HPE Insight Remote Support
  An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
  Published: 2024-11-26 | CVSS Score: 7.3 | CVE-2024-53675

Hewlett Packard Enterprise (HPE)–Insight Remote Support
  A Java deserialization vulnerability in HPE Insight Remote Support may allow an unauthenticated attacker to execute code.
  Published: 2024-11-26 | CVSS Score: 8.1 | CVE-2024-53673

https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856–JobSearch WP Job Board
  The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user’s identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user’s email is known.
  Published: 2024-11-28 | CVSS Score: 9.8 | CVE-2024-11925

IBM–Data Virtualization Manager for z/OS
  IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server.
  Published: 2024-11-26 | CVSS Score: 8.5 | CVE-2024-52899

IBM–Security Verify Access
  IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
  Published: 2024-11-29 | CVSS Score: 9.8 | CVE-2024-49803

IBM–Security Verify Access
  IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
  Published: 2024-11-29 | CVSS Score: 9.4 | CVE-2024-49805

IBM–Security Verify Access
  IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
  Published: 2024-11-29 | CVSS Score: 9.4 | CVE-2024-49806

IBM–Security Verify Access
  IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. 2024-11-29 7.8 CVE-2024-49804 IBM–Watson Speech Services Cartridge for IBM Cloud Pak for Data
  IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. 2024-11-26 7.5 CVE-2024-49353 Idealien Studios–Idealien Category Enhancements
  Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2. 2024-11-28 7.1 CVE-2024-53734 Imagination Technologies–Graphics DDK
  Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page. 2024-11-30 8.1 CVE-2024-43702 Imagination Technologies–Graphics DDK
  Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW. 2024-11-30 8.1 CVE-2024-43703 Interinfo–DreamMaker
  DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. 2024-11-29 9.8 CVE-2024-11979 Interinfo–DreamMaker
  DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. 2024-11-29 7.5 CVE-2024-11978 Jason Grim–Custom Shortcode Sidebars
  Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2. 2024-11-28 7.1 CVE-2024-53736 Jenkins Project–Jenkins Simple Queue Plugin
  Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. 2024-11-27 8 CVE-2024-54003 Kardi–Pricing table addon for elementor
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0. 2024-11-28 7.5 CVE-2024-52499 laurent22–joplin
  Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-11-25 7.2 CVE-2024-53268 lfprojects–mlflow
  Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. 2024-11-25 7 CVE-2024-27134 LLC «TriIncom–Express Payments Module
  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8. 2024-11-28 9.3 CVE-2024-52474 lobehub–lobe-chat
  Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-11-26 8.1 CVE-2024-32965 Maeve Lander–PayPal Responder
  Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2. 2024-12-01 7.1 CVE-2024-53750 ManageEngine–Analytics Plus
  Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. 2024-11-27 8.1 CVE-2024-52323 marketingfire–Widget Options The #1 WordPress Widget & Block Control Plugin
  The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched. 2024-11-28 9.9 CVE-2024-8672 Mattermost–Mattermost
  Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration. 2024-11-28 8.2 CVE-2024-11599 Microsoft–Dynamics 365 Sales for Android
  Microsoft Dynamics 365 Sales Spoofing Vulnerability 2024-11-26 7.6 CVE-2024-49053 Microsoft–Microsoft Azure Functions
  Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. 2024-11-26 8.2 CVE-2024-49052 Microsoft–Microsoft Copilot Studio
  Improper neutralization of input during web page generation (‘Cross-site Scripting’) in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. 2024-11-26 9.3 CVE-2024-49038 Microsoft–Microsoft Partner Center
  An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. 2024-11-26 8.7 CVE-2024-49035 Mitsubishi Electric Corporation–GENESIS64
  Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. 2024-11-28 7.8 CVE-2024-8299 Mitsubishi Electric Corporation–GENESIS64
  Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. 2024-11-28 7 CVE-2024-8300 Mitsubishi Electric Corporation–GENESIS64
  Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. 2024-11-28 7.8 CVE-2024-9852 Mozilla–Convict
  Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) vulnerability in Mozilla Convict. This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash. The main use case of Convict is for handling server-side configurations written by the admins owning the servers, and not random users. So it’s unlikely that an admin would deliberately sabotage their own server. Still, a situation can happen where an admin not knowledgeable about JavaScript could be tricked by an attacker into writing the malicious JavaScript code into some config files. This issue affects Convict: before 6.2.4. 2024-11-26 8.4 CVE-2023-0163 Mozilla–Firefox
  The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. 2024-11-26 9.8 CVE-2024-11693 Mozilla–Firefox
  A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing “Esc” or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. 2024-11-26 9.8 CVE-2024-11698 Mozilla–Firefox
  A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. 2024-11-26 9.8 CVE-2024-11704 Mozilla–Firefox
  `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. 2024-11-26 9.1 CVE-2024-11705 Mozilla–Firefox
  Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple’s GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. 2024-11-26 8.8 CVE-2024-11691 Mozilla–Firefox
  When handling keypress events, an attacker may have been able to trick a user into bypassing the “Open Executable File?” confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. 2024-11-26 8.8 CVE-2024-11697 Mozilla–Firefox
  Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. 2024-11-26 8.8 CVE-2024-11699 Mozilla–Firefox
  Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. 2024-11-26 8.1 CVE-2024-11700 Mozilla–Firefox
  Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. 2024-11-26 7.5 CVE-2024-11702 Mozilla–sccache
  On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges. 2024-11-26 7.8 CVE-2023-1521 n/a–eNMS
  A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. 2024-11-25 8.8 CVE-2024-11664 n/a–n/a
  A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the “Reset password” feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose’s find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application. 2024-11-25 9.8 CVE-2024-50672 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. 2024-11-29 9.8 CVE-2024-52777 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. 2024-11-29 9.8 CVE-2024-52778 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. 2024-11-29 9.8 CVE-2024-52779 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. 2024-11-29 9.8 CVE-2024-52780 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. 2024-11-29 9.8 CVE-2024-52781 n/a–n/a
  DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. 2024-11-29 9.8 CVE-2024-52782 n/a–n/a
  An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. 2024-11-25 9.1 CVE-2024-52787 n/a–n/a
  A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. 2024-11-27 9.8 CVE-2024-53604 n/a–n/a
  EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. 2024-11-27 8 CVE-2024-31976 n/a–n/a
  Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History 2024-11-27 8 CVE-2024-52951 n/a–n/a
  A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. 2024-11-25 8 CVE-2024-53554 n/a–n/a
  A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. 2024-11-26 8.8 CVE-2024-53555 n/a–n/a
  In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. 2024-11-29 8.8 CVE-2024-54124 n/a–n/a
  An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access. 2024-11-25 7.2 CVE-2024-45755 n/a–n/a
  An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with high-privileged access. 2024-11-25 7.2 CVE-2024-45756 n/a–n/a
  In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. 2024-11-29 7.5 CVE-2024-48651 n/a–n/a
  A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. 2024-11-27 7.3 CVE-2024-53603 n/a–n/a
  In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the “Work in Progress” status as of 2024-11-24. 2024-11-25 7.5 CVE-2024-53916 NEC Corporation–UNIVERGE IX
  Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface. 2024-11-29 7.2 CVE-2024-11013 ngtcp2–ngtcp2
  The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack` if an ack has already been processed in the payload. However, this causes us to also skip `ngtcp2_pkt_validate_ack`. The ack which was skipped still got written to qlog. The bug occurs in `ngtcp2_qlog::write_ack_frame`. It is now possible to reach this code with an invalid ack, suppose `largest_ack=0` and `first_ack_range=15`. Subtracting `largest_ack – first_ack_range` will lead to an integer underflow which is 20 chars long. However, the ngtcp2 qlog code assumes the number written is a signed integer and only accounts for 19 characters of overhead (see `NGTCP2_QLOG_ACK_FRAME_RANGE_OVERHEAD`). Therefore, we overwrite the buffer causing a heap overflow. This is high priority and could potentially impact many users if they enable qlog. qlog is disabled by default. Due to its overhead, it is most likely used for debugging purpose, but the actual use is unknown. ngtcp2 v1.9.1 fixes the bug and users are advised to upgrade. Users unable to upgrade should not turn on qlog. 2024-11-25 8.2 CVE-2024-52811 ninjateam–File Manager Pro Filester
  The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the ‘fsConnector’ function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-11-28 7.5 CVE-2024-8066 ninjateam–File Manager Pro Filester
  The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the ‘fm_locale’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5. 2024-11-28 7.2 CVE-2024-9669 Pathomation–Pathomation
  Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1. 2024-11-28 10 CVE-2024-52490 PHPGurukul–Complaint Management system
  A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-28 7.3 CVE-2024-11964 PHPGurukul–Complaint Management system
  A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-28 7.3 CVE-2024-11965 PHPGurukul–Complaint Management system
  A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-11-28 7.3 CVE-2024-11966 PHPGurukul–Complaint Management system
  A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-28 7.3 CVE-2024-11967 PHPGurukul–User Registration & Login and User Management System
  A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-26 7.3 CVE-2024-11817 PHPGurukul–User Registration & Login and User Management System
  A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-11-27 7.3 CVE-2024-11818 Prism I.T. Systems–Multilevel Referral Affiliate Plugin for WooCommerce
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through 2.27. 2024-12-01 7.1 CVE-2024-53742 ProjectSend–ProjectSend
  ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application’s configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. 2024-11-26 9.8 CVE-2024-11680 python-jsonschema–check-jsonschema
  check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://example.org/schema.json` will be stored as `schema.json`. This naming allows for conflicts. If an attacker can get a user to run `check-jsonschema` against a malicious schema URL, e.g., `https://example.evil.org/schema.json`, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected. This issue has been patched in version 0.30.0. All users are advised to upgrade. A few workarounds exist: 1. Users can use `–no-cache` to disable caching. 2. Users can use `–cache-filename` to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema. (Note: this flag is being deprecated as part of the remediation effort.) 3. Users can explicitly download the schema before use as a local file, as in `curl -LOs https://example.org/schema.json; check-jsonschema –schemafile ./schema.json` 2024-11-29 7.1 CVE-2024-53848 Qualcomm, Inc.–Snapdragon
  On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. 2024-11-26 9.8 CVE-2017-11076 Qualcomm, Inc.–Snapdragon
  In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation. 2024-11-26 9.8 CVE-2017-17772 Qualcomm, Inc.–Snapdragon
  Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. 2024-11-26 9.8 CVE-2018-11922 Qualcomm, Inc.–Snapdragon
  Initial xbl_sec revision does not have all the debug policy features and critical checks. 2024-11-26 8.4 CVE-2016-10394 Qualcomm, Inc.–Snapdragon
  QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. 2024-11-26 8.4 CVE-2016-10408 Qualcomm, Inc.–Snapdragon
  Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW 2024-11-26 8.4 CVE-2017-15832 Qualcomm, Inc.–Snapdragon
  A race condition exists in a driver potentially leading to a use-after-free condition. 2024-11-26 8.4 CVE-2017-18153 Qualcomm, Inc.–Snapdragon
  Information disclosure due to uninitialized variable. 2024-11-26 8.4 CVE-2017-18306 Qualcomm, Inc.–Snapdragon
  Information disclosure possible while audio playback. 2024-11-26 8.4 CVE-2017-18307 Qualcomm, Inc.–Snapdragon
  An image with a version lower than the fuse version may potentially be booted lead to improper authentication. 2024-11-26 8.4 CVE-2018-11952 Qualcomm, Inc.–Snapdragon
  An unsigned integer underflow vulnerability in the IPA driver results in a buffer over-read while reading a NAT entry using the debugfs command ‘cat /sys/kernel/debug/ipa/ip4_nat’ 2024-11-26 8.4 CVE-2018-5852
Qualcomm, Inc.–Snapdragon
  Crafted Binder Request Causes Heap UAF in MediaServer 2024-11-26 7.8 CVE-2018-11816
Quick.CMS–Quick.CMS
  Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file, if it has the appropriate permissions, outside of the documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability also allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input. 2024-11-29 9.1 CVE-2024-11992
quomodosoft–Shopready
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in quomodosoft Shopready allows PHP Local File Inclusion. This issue affects Shopready: from n/a through 3.5. 2024-11-28 7.5 CVE-2024-52497
Rank Math SEO–Rank Math SEO
  Improper Control of Generation of Code (‘Code Injection’) vulnerability in Rank Math SEO allows Code Injection. This issue affects Rank Math SEO: from n/a through 1.0.231. 2024-11-28 7.2 CVE-2024-11620
Red Hat–Red Hat Enterprise Linux 8
  A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, which verify that the pod has access to the mounts it specifies, are not applied to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn’t have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore. 2024-11-26 7.4 CVE-2024-8676
Red Hat–Red Hat Enterprise Linux 9
  A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user- or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges, which could allow local privilege escalation. 2024-11-26 7.8 CVE-2024-52336
Rohit Harsh–Fence URL
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rohit Harsh Fence URL allows Stored XSS. This issue affects Fence URL: from n/a through 2.0.0. 2024-11-28 7.1 CVE-2024-53733
sandboxie-plus–Sandboxie
  Sandboxie is sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandboxes belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users’ files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**. All files edited or created during sandbox processing are affected by the vulnerability. All files in `C:\Users` are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:\Sandbox\UserA`. In addition, if **UserB** creates a folder `C:\Sandbox\UserA` with malicious ACLs, when **UserA** uses the sandbox, Sandboxie doesn’t reset the ACLs! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie. 2024-11-29 9.2 CVE-2024-49360
scottopolis–AppPresser Mobile App Framework
  The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user’s password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user’s email address, to reset the user’s password and gain access to their account. 2024-11-26 9.8 CVE-2024-11024
Sensei–Sensei Mac Cleaner
  The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client’s PID obtained through the public processIdentifier property of the NSXPCConnection class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface. 2024-11-25 7.8 CVE-2024-7915
Sharp Corporation–Multiple MFPs (multifunction printers)
  The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long a character string to the MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 9 CVE-2024-28038
Sharp Corporation–Multiple MFPs (multifunction printers)
  “sessionlist.html” and “sys_trayentryreboot.html” are accessible with no authentication. “sessionlist.html” provides logged-in users’ session information including session cookies, and “sys_trayentryreboot.html” allows rebooting the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 9.1 CVE-2024-33610
Sharp Corporation–Multiple MFPs (multifunction printers)
  There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 9.1 CVE-2024-35244
Sharp Corporation–Multiple MFPs (multifunction printers)
  API keys for some cloud services are hardcoded in the “main” binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 9.1 CVE-2024-36248
Sharp Corporation–Multiple MFPs (multifunction printers)
  Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 7.5 CVE-2024-33605
Sharp Corporation–Multiple MFPs (multifunction printers)
  A cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 7.4 CVE-2024-36249
Sharp Corporation–Multiple MFPs (multifunction printers)
  The web interface of the affected devices processes some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and a device crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. 2024-11-26 7.5 CVE-2024-36251
Sharp Corporation–Multiple MFPs (multifunction printers)
  An out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition. 2024-11-26 7.5 CVE-2024-36254
Softpulse Infotech–SP Blog Designer
  Path Traversal: ‘.../...//’ vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through 1.0.0. 2024-11-28 7.5 CVE-2024-52498
Spencer14420–SPEmailHandler-PHP
  sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain’s reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability. 2024-11-27 8.6 CVE-2024-53860
SUSE–openSUSE Factory
  Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service. 2024-11-28 7.3 CVE-2024-22038
Tenda–AC8
  A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to a stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-11-26 8.8 CVE-2024-11745
Trellix–Trellix Enterprise Security Manager (ESM)
  A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. 2024-11-29 9.8 CVE-2024-11482
Trellix–Trellix Enterprise Security Manager (ESM)
  A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints. 2024-11-29 8.2 CVE-2024-11481
tumultinc–Tumult Hype Animations
  The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server, which may make remote code execution possible. 2024-11-28 9.9 CVE-2024-11082
Tyche Softwares–Booking & Appointment Plugin for WooCommerce
  The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_google_calendar_data’ function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the site options arbitrarily. 2024-11-26 8.8 CVE-2024-10729
Universal Audio–UAConnect
  The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service’s methods and escalate privileges to root. 2024-11-25 7.8 CVE-2024-8272
Valor Apps–Easy Folder Listing Pro
  Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5. 2024-11-26 9.8 CVE-2024-11145
VMware–VMware Aria Operations
  VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. 2024-11-26 7.8 CVE-2024-38830
VMware–VMware Aria Operations
  VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. 2024-11-26 7.8 CVE-2024-38831
VMware–VMware Aria Operations
  VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. 2024-11-26 7.1 CVE-2024-38832
webbytemplate–Office Locator
  Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in webbytemplate Office Locator. This issue affects Office Locator: from n/a through 1.3.0. 2024-11-28 7.5 CVE-2024-52501
WP WOX–Footer Flyout Widget
  Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS. This issue affects Footer Flyout Widget: from n/a through 1.1. 2024-11-28 7.1 CVE-2024-53732
WP-speedup–Block Editor Bootstrap Blocks
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS. This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1. 2024-11-28 7.1 CVE-2024-11402
wpdevart–Booking calendar, Appointment Booking System
  The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-11-26 7.2 CVE-2024-9504
Zabbix–Zabbix
  A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access. 2024-11-27 9.9 CVE-2024-42327
Zabbix–Zabbix
  The HttpRequest object allows getting the HTTP headers from the server’s response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows creating internal strings that can be used to access hidden properties of objects. 2024-11-27 9.1 CVE-2024-42330
Zabbix–Zabbix
  A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. 2024-11-28 8.8 CVE-2024-36466
Zabbix–Zabbix
  An authenticated user with API access (e.g. a user with the default User role), more specifically a user with access to the user.update API endpoint, is able to add themselves to any group (e.g. Zabbix Administrators), except groups that are disabled or have restricted GUI access. 2024-11-27 7.5 CVE-2024-36467
zhmcclient–python-zhmcclient
  zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package “zhmcclient” writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The ‘boot-ftp-password’ and ‘ssc-master-pw’ properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The ‘ssc-master-pw’ and ‘zaware-master-pw’ properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The ‘ssc-master-pw’ and ‘zaware-master-pw’ properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The ‘password’ property when creating or updating an HMC user, in the zhmcclient API log. 5. The ‘bind-password’ property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named “zhmcclient.api” (for the API log) or “zhmcclient.hmc” (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-11-29 8.2 CVE-2024-53865
zhmcclient–zhmc-ansible-modules
  ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection “ibm.ibm_zhmc” writes password-like properties in clear text into its log file and into the output returned by some of its Ansible modules in the following cases: 1. The ‘boot_ftp_password’ and ‘ssc_master_pw’ properties are passed as input to the zhmc_partition Ansible module. 2. The ‘ssc_master_pw’ and ‘zaware_master_pw’ properties are passed as input to the zhmc_lpar Ansible module. 3. The ‘password’ property is passed as input to the zhmc_user Ansible module (just in the log file, not in module output). 4. The ‘bind_password’ property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the “log_file” module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-11-29 8.2 CVE-2024-53979
Zyxel–ATP series firmware
  A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. 2024-11-27 7.5 CVE-2024-11667