Google–Android
  In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2017-13308 Google–Android
  In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9386 Google–Android
  In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9390 Google–Android
  In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9391 Google–Android
  In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. 2024-12-05 6.5 CVE-2018-9407 Google–Android
  In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. 2024-12-02 6.5 CVE-2018-9426 Google–Android
  In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 6.5 CVE-2018-9429 Google–Android
  In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 6.2 CVE-2018-9435 astoundify–WP Job Manager Company Profiles
  The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘company’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2023-6978 persianscript– Persian WooCommerce SMS
  The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-10046 eyale-vc–Contact Form Builder by vcita
  The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10056 gutentor–Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor
  The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10178 iamjonasmarlo–Cookielay
  The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-10320 brainstormforce–Spectra WordPress Gutenberg Blocks
  The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Team’ widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-10484 reputeinfosystems–ARMember Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
  The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. 2024-12-06 6.3 CVE-2024-10681 jooseposti–Posti Shipping
  The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-10832 themesdaddy–Flixita
  The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-10836 desertthemes–NewsMunch
  The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10848 desertthemes–NewsMash
  The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-10849 ultimatemember–ForumWP Forum & Discussion Board
  The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-10879 sodah–LUNA RADIO PLAYER
  The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lunaradio’ shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10881 searchiq–SearchIQ The Search Solution
  The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘siq_searchbox’ shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-10885 kingyes–Pojo Forms
  The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. 2024-12-06 6.3 CVE-2024-10909 Rockwell Automation–Arena
  An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 2024-12-05 6.7 CVE-2024-11158 GoodLayers–Goodlayers Core
  The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11200 wpexpertsio–myCred Exclusive Platform for Loyalty Points and Rewards Create Leaderboards, Ranks, Badges, Cashback Coupons, Referral Programs, WooCommerce & eCommerce wallet, Gamification Awards, and Achievements.
  The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11201 ultimatemember–ForumWP Forum & Discussion Board
  The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11204 edgarrojas–PDF Builder for WooCommerce. Create invoices,packing slips and more
  The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11276 bastho–Accounting for WooCommerce
  The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-05 6.1 CVE-2024-11324 fatcatapps–Campaign Monitor Forms by Optin Cat
  The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11326 comfino–Comfino Payment Gateway
  The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11329 dactum–Clickbank WordPress Plugin (Storefront)
  The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11336 devnethr–Smart PopUp Blaster
  The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spb-button’ shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11339 cs123–TwentyTwenty
  The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘twentytwenty’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11352 matansmoove–Smoove connector for Elementor forms
  The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11367 nanard33–Splash Sync
  The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11368 rezaplus–TWChat Send or receive messages from users
  The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11374 edward_plainview–Broadcast
  The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘do_check’ parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations. 2024-12-06 6.1 CVE-2024-11379 imahui–Mini Program API
  The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘qvideo’ shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11380 creativethemeshq–Blocksy
  The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-11420 genetechproducts–Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!
  The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11436 onlyoffice–ONLYOFFICE Docs
  The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘onlyoffice’ shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11450 harshitpeer–Zooom
  The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘zooom’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11451 samdani–WordPress Pinterest Plugin Make a Popup, User Profile, Masonry and Gallery Layout
  The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gs_pin_widget’ shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11453 spartac–Feedpress Generator External RSS Frontend Customizer
  The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11457 taunoh–Form Data Collector
  The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11461 alphabposervice–Easy Code Snippets
  The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11464 tomasgroulik–Intro Tour Tutorial DeepPresentation
  The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11466 martinnguyen1990–Next-Cart Store to WooCommerce Migration
  The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11687 wphocus–My auctions allegro
  The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11707 iqonicdesign–KiviCare Clinic & Patient Management System (EHR)
  The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘service_list[0][service_id]’ parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 6.5 CVE-2024-11729 iqonicdesign–KiviCare Clinic & Patient Management System (EHR)
  The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘sort[]’ parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 6.5 CVE-2024-11730 venutius–BP Profile Shortcodes Extra
  The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-03 6.5 CVE-2024-11732 wpenhanced–Responsive Videos
  The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘somryv’ shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11747 floristone–Flower Delivery by Florist One
  The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘flower-delivery’ shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11769 alexvtn–WIP WooCarousel Lite
  The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wip_woocarousel_products_carousel’ shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-11779 brandtoss–WP Mailster
  The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mst_subscribe’ shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11782 soraco–Quick License Manager WooCommerce Plugin
  The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘submit_qlm_products’ parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11805 calliko–NPS computy
  The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘data1’ and ‘data2’ parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11807 aminshah74–Pulsating Chat Button
  The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11813 algoritmika–Additional Custom Order Status for WooCommerce
  The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11814 vjalby–Folder Gallery
  The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘foldergallery’ shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.1 CVE-2024-11823 mlaza–jAlbum Bridge
  The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11853 webilia–Listdom Business Directory and Classified Ads Listings WordPress Plugin
  The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11854 paulnagle–BMLT Tabbed Map
  The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bmlt_tabbed_map’ shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11866 bplugins–B Testimonial Testimonial plugin for WP
  The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘b_testimonial’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11880 mightyforms–Contact Form, Survey & Form Builder MightyForms
  The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mightyforms’ shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11897 akashmalik–Scratch & Win Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
  The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘swin-campaign’ shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11898 timsayshey–WP eCards
  The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ecard’ shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11903 codemstory– 
  The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘msntt_add_plus_talk’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11904 neotrendy–Email Address Obfuscation
  The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11935 codemstory– 
  The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11943 mikeyott–WP System
  The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-12003 francescosganga–WP Media Optimizer (.webp)
  The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and ‘wpmowebp-js-resources’ parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-12060 nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal
  The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12128 n/a–horilla
  A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-04 6.3 CVE-2024-12138 Netgear–R6900
  A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-04 6.5 CVE-2024-12147 tsjippy–Mollie for Contact Form 7
  The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12165 cmorillas1–Shortcodes Blocks Creator Ultimate
  The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12166 cmorillas1–Shortcodes Blocks Creator Ultimate
  The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12167 Devolutions–Server
  Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. 2024-12-04 6.5 CVE-2024-12196 Shenzhen Dashi Tongzhou Information Technology–AgileBPM
  A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file agile-bpm-basic-masterab-authab-auth-spring-security-oauth2srcmainjavacomdstzauthfilterAuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 6.3 CVE-2024-12235 cardgate–CardGate Payments for WooCommerce
  The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12257 Jirafeau project–Jirafeau
  Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive. 2024-12-06 6.1 CVE-2024-12326 TP-Link–VN020 F3v(T)
  A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. 2024-12-08 6.5 CVE-2024-12342 TP-Link–VN020 F3v(T)
  A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. 2024-12-08 6.5 CVE-2024-12343 TP-Link–VN020 F3v(T)
  A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-08 6.3 CVE-2024-12344 MediaTek, Inc.–MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798
  In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728. 2024-12-02 6.7 CVE-2024-20125 MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796
  In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982. 2024-12-02 6.7 CVE-2024-20130 MediaTek, Inc.–MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8673, MT8676, MT8795T, MT8798
  In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873. 2024-12-02 6.7 CVE-2024-20131 MediaTek, Inc.–MT2737, MT6298, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990, MT8673, MT8676, MT8795T, MT8798
  In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872. 2024-12-02 6.7 CVE-2024-20132 MediaTek, Inc.–MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6983, MT8673, MT8676, MT8795T, MT8798
  In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871. 2024-12-02 6.7 CVE-2024-20133 MediaTek, Inc.–MT6835, MT6878, MT6879, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8755, MT8775, MT8796, MT8798
  In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866. 2024-12-02 6.7 CVE-2024-20134 MediaTek, Inc.–MT6768, MT6781, MT6833, MT6853, MT6877, MT6878, MT6893, MT6897, MT6989, MT8775, MT8796, MT9687
  In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841. 2024-12-02 6.7 CVE-2024-20135 MediaTek, Inc.–MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893
  In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821. 2024-12-02 6.2 CVE-2024-20136 MediaTek, Inc.–MT2737, MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8518S, MT8532, MT8678
  In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600. 2024-12-02 6.5 CVE-2024-20139 Qualcomm, Inc.–Snapdragon
  Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. 2024-12-02 6.7 CVE-2024-33036 Qualcomm, Inc.–Snapdragon
  Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. 2024-12-02 6.1 CVE-2024-33037 Qualcomm, Inc.–Snapdragon
  Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. 2024-12-02 6.7 CVE-2024-33039 Qualcomm, Inc.–Snapdragon
  Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. 2024-12-02 6.7 CVE-2024-33040 Qualcomm, Inc.–Snapdragon
  Memory corruption when multiple threads try to unregister the CVP buffer at the same time. 2024-12-02 6.7 CVE-2024-33053 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2024-12-03 6.5 CVE-2024-41776 HCL Software–Launch
  HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. 2024-12-06 6.2 CVE-2024-42196 Ruijie–Reyee OS
  Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie’s services 2024-12-06 6.5 CVE-2024-42494 SonicWall–SMA100
  A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. 2024-12-05 6.3 CVE-2024-45319 averta–Slider & Popup Builder by Depicter Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
  The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-4633 IBM–QRadar SIEM
  IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-12-07 6.4 CVE-2024-47107 Ruijie–Reyee OS
  Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. 2024-12-06 6.5 CVE-2024-47146 Samsung Mobile–GamingHub
  Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview. 2024-12-03 6.5 CVE-2024-49418 Palantir–com.palantir.gotham:external-artifacts
  Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn’t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances. 2024-12-02 6.5 CVE-2024-49581 extendthemes–Colibri Page Builder
  Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-5020 n/a–n/a
  A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. 2024-12-06 6.1 CVE-2024-50677 Ruijie–Reyee OS
  Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user’s session and cause a denial-of-service attack on a user’s account. 2024-12-06 6.5 CVE-2024-51727 Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
  An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. 2024-12-03 6.4 CVE-2024-51772 Ben Marshall–Jobify – Job Board WordPress Theme
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Stored XSS.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. 2024-12-02 6.5 CVE-2024-52478 SolverWP–Elementor Portfolio Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0. 2024-12-02 6.5 CVE-2024-52486 WebCodingPlace–Ultimate Classified Listings
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4. 2024-12-02 6.5 CVE-2024-52487 Imbasynergy–ImbaChat
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4. 2024-12-02 6.5 CVE-2024-52502 Tailored Web Services–Tailored Tools
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4. 2024-12-02 6.5 CVE-2024-52503 Lorex–2K Indoor Wi-Fi Security Camera
  An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 6.5 CVE-2024-52545 Lorex–2K Indoor Wi-Fi Security Camera
  An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 6.7 CVE-2024-52548 quic-go–quic-go
  quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a “message too large” error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they’re unable to establish a QUIC connection). The attacker needs to at least know the client’s IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. 2024-12-02 6.5 CVE-2024-53259 n/a–n/a
  A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. 2024-12-04 6.5 CVE-2024-53614 bdevs–Generic Elements
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3. 2024-12-02 6.5 CVE-2024-53709 Stachethemes–Advanced Event Manager
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6. 2024-12-02 6.5 CVE-2024-53721 Garrett Grimm–Simple Popup
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6. 2024-12-02 6.5 CVE-2024-53741 LOOS,Inc.–Arkhe Blocks
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0. 2024-12-06 6.5 CVE-2024-53794 Themesflat–Themesflat Addons For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. 2024-12-06 6.5 CVE-2024-53796 The Beaver Builder Team–Beaver Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. 2024-12-06 6.5 CVE-2024-53797 BoldThemes–Bold Page Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1. 2024-12-06 6.5 CVE-2024-53801 FuturioWP–Futurio Extra
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14. 2024-12-06 6.5 CVE-2024-53802 brandtoss–WP Mailster
  Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. 2024-12-06 6.5 CVE-2024-53803 POSIMYTH–WDesignkit
  Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. 2024-12-06 6.6 CVE-2024-53811 WP Travel–WP Travel
  Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. 2024-12-06 6.5 CVE-2024-53813 Captivate Audio Ltd–Captivate Sync
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22. 2024-12-06 6.5 CVE-2024-53820 POSIMYTH–The Plus Addons for Elementor Page Builder Lite
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. 2024-12-06 6.5 CVE-2024-53823 CodexShaper–Advanced Element Bucket Addons for Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. 2024-12-06 6.5 CVE-2024-54210 Noor alam–Magical Addons For Elementor
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. 2024-12-06 6.5 CVE-2024-54212 zionbuilder.io–WordPress Page Builder Zion Builder
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12. 2024-12-06 6.5 CVE-2024-54213 n/a–n/a
  app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format. 2024-12-04 6.1 CVE-2024-54674 n/a–n/a
  app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow. 2024-12-04 6.1 CVE-2024-54675 owthub–Library Management System Manage e-Digital Books Library
  The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value’ parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-07 6.8 CVE-2024-8679 wpbits–WPBITS Addons For Elementor Page Builder
  The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-12-04 6.4 CVE-2024-8962 bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
  The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-9058 CMSMasters–CMSMasters Elementor Addon
  The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-9694 Google–Android
  In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 5.5 CVE-2018-9408 Google–Android
  In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 5.5 CVE-2018-9423 Google–Android
  In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-03 5.5 CVE-2018-9441 Google–Android
  In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-03 5.5 CVE-2018-9449 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 2024-12-03 5.9 CVE-2021-29892 Pegasystems–Pega Infinity
  Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. 2024-12-05 5.9 CVE-2024-10716 OpenBSD–OpenBSD
  In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any “https://www.cisa.gov/” in readdir name validation to avoid unexpected directory traversal on untrusted file systems. 2024-12-05 5 CVE-2024-10933 pickplugins–Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
  The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. 2024-12-05 5.3 CVE-2024-10937 SICK AG–SICK InspectorP61x
  The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack. 2024-12-06 5.6 CVE-2024-11022 burgthaleratsirconic–SG Helper
  The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-12-04 5.5 CVE-2024-11093 nimeshrmr–WP Private Content Plus
  The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2024-12-06 5.3 CVE-2024-11292 Hi e-learning–Learning Management System (LMS)
  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024. 2024-12-06 5.4 CVE-2024-11321 fatcatapps–AWeber Forms by Optin Cat
  The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 5.2 CVE-2024-11325 Red Hat–Red Hat Trusted Artifact Signer
  A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. 2024-12-06 5.3 CVE-2024-11738 Drupal–Drupal Core
  A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. 2024-12-05 5.9 CVE-2024-11942 akirk–Friends
  The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. 2024-12-06 5.3 CVE-2024-12028 OpenHarmony–OpenHarmony
  in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 2024-12-03 5.5 CVE-2024-12082 Devolutions–Server
  Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. 2024-12-04 5 CVE-2024-12151 code-projects–Hotel Management System
  A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. 2024-12-05 5.3 CVE-2024-12185 code-projects–Hotel Management System
  A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 2024-12-05 5.3 CVE-2024-12186 MSI–Dragon Center
  A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component. 2024-12-05 5.5 CVE-2024-12227 nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal
  The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘save_settings’, ‘export_csv’, and ‘simpleecommcart-action’ actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). 2024-12-07 5.4 CVE-2024-12253 Cisco–Cisco NX-OS Software
  A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. 2024-12-04 5.2 CVE-2024-20397 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. 2024-12-03 5.5 CVE-2024-25019 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks. 2024-12-03 5.5 CVE-2024-25020 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. 2024-12-03 5.3 CVE-2024-25035 HCL Software–Nomad server on Domino
  The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. 2024-12-06 5.3 CVE-2024-30129 IBM–Db2 for Linux, UNIX and Windows
  IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. 2024-12-07 5.3 CVE-2024-37071 element-hq–synapse
  Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. 2024-12-03 5.3 CVE-2024-37303 tassos.gr–Convert Forms component for Joomla
  Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. 2024-12-04 5.4 CVE-2024-40745 IBM–Db2 for Linux, UNIX and Windows
  IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. 2024-12-07 5.3 CVE-2024-41762 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2024-12-03 5.9 CVE-2024-41775 Samsung Mobile–Samsung Mobile Devices
  Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. 2024-12-03 5.9 CVE-2024-49410 Samsung Mobile–Samsung Mobile Devices
  Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. 2024-12-03 5.5 CVE-2024-49412 n/a–n/a
  Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-12-04 5.3 CVE-2024-51210 Richard K Miller–What Would Seth Godin Do
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Richard K Miller What Would Seth Godin Do allows Stored XSS.This issue affects What Would Seth Godin Do: from n/a through 2.1.1. 2024-12-02 5.9 CVE-2024-51900 Udi Dollberg–Add Chat App Button
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5. 2024-12-02 5.9 CVE-2024-52489 Sanil Shakya–Sticky Social Icons
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1. 2024-12-02 5.9 CVE-2024-52491 Gopi Ramasamy–Image horizontal reel scroll slideshow
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4. 2024-12-02 5.9 CVE-2024-52492 Josh Leuze–Meteor Slides
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7. 2024-12-02 5.9 CVE-2024-52493 Matt Varone, Tim Berneman–Dynamic “To Top”
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Varone, Tim Berneman Dynamic “To Top” allows Stored XSS.This issue affects Dynamic “To Top”: from 3.5.2 through n/a. 2024-12-02 5.9 CVE-2024-52494 Lorex–2K Indoor Wi-Fi Security Camera
  An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 5.3 CVE-2024-52546 Planet Technology–Planet WGS-804HPT
  The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. 2024-12-06 5.3 CVE-2024-52558 n/a–n/a
  Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. 2024-12-04 5.4 CVE-2024-52676 n/a–n/a
  A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. 2024-12-02 5.4 CVE-2024-53364 n/a–n/a
  Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. 2024-12-02 5.4 CVE-2024-53459 n/a–n/a
  An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. 2024-12-02 5.5 CVE-2024-53566 SonicWall–SMA100
  Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. 2024-12-05 5.3 CVE-2024-53702 AutoQuiz–AI Quiz
  Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1. 2024-12-02 5.3 CVE-2024-53708 Abdul Hakeem–Build App Online
  Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. 2024-12-02 5.4 CVE-2024-53751 P. Roy–WP Revisions Manager
  Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2. 2024-12-02 5.4 CVE-2024-53761 Andy Moyle–Church Admin
  Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8. 2024-12-06 5.3 CVE-2024-53795 WpMaspik–Maspik Spam blacklist
  Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. 2024-12-06 5.4 CVE-2024-53806 WPSight–WPCasa
  Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. 2024-12-06 5.3 CVE-2024-53826 erlang–otp
  OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). 2024-12-05 5.5 CVE-2024-53846 kanboard–kanboard
  Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41. 2024-12-05 5.5 CVE-2024-54001 DependencyTrack–dependency-track
  Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2. 2024-12-04 5.3 CVE-2024-54002 directus–directus
  Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. 2024-12-05 5.7 CVE-2024-54128 URBAN BASE–Z-Downloads
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7. 2024-12-06 5.9 CVE-2024-54206 Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7. 2024-12-06 5.9 CVE-2024-54207 Visualmodo–Borderless
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8. 2024-12-06 5.9 CVE-2024-54211 RestApp Inc.–Online Ordering System
  Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1.  NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. 2024-12-04 5.3 CVE-2024-7488 andreiigna–If Menu Visibility control for Menus
  The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin’s license key due to a missing capability check on the ‘actions’ function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. 2024-12-07 5.3 CVE-2024-7894 Moxa–VPort 07-3 Series
  Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation. 2024-12-04 5.3 CVE-2024-9404 rstheme2017–Ultimate Coming Soon & Maintenance
  The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. 2024-12-06 5.3 CVE-2024-9706 sasonikolov–Event Tickets with Ticket Scanner
  The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4. 2024-12-06 5.4 CVE-2024-9866 vcita–Online Booking & Scheduling Calendar for WordPress by vcita
  The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings. 2024-12-06 5.4 CVE-2024-9872 OpenHarmony–OpenHarmony
  in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 2024-12-03 5.5 CVE-2024-9978 Synology–Surveillance Station
  Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors. 2024-12-04 4.3 CVE-2023-52943 Synology–Surveillance Station
  Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. 2024-12-04 4.3 CVE-2023-52944 NVIDIA–Base Command Manager
  NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service. 2024-12-06 4.4 CVE-2024-0139 Unknown–3DPrint Lite
  The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. 2024-12-06 4.3 CVE-2024-10480 Unknown–Sticky Social Icons
  The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-06 4.8 CVE-2024-10551 smarettheme–Eleblog Elementor Blog And Magazine Addons
  The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. 2024-12-04 4.3 CVE-2024-10663 codesavory–Knowledge Base documentation & wiki plugin BasePress Docs
  The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database. 2024-12-04 4.3 CVE-2024-10664 webangon–XLTab Accordions and Tabs for Elementor Page Builder
  The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the ‘XLTAB_INSERT_TPL’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-06 4.3 CVE-2024-10689 ideaboxcreations–PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
  The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 2024-12-06 4.3 CVE-2024-10692 wpvibes–AnyWhere Elementor
  The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the ‘INSERT_ELEMENTOR’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-05 4.3 CVE-2024-10777 choijun–LA-Studio Element Kit for Elementor
  The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. 2024-12-04 4.3 CVE-2024-10787 Unknown–WP Booking Calendar
  The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-03 4.8 CVE-2024-10893 ecolosites–Simple Redirection
  The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-05 4.3 CVE-2024-11341 clicksend–SMS for Lead Capture Forms
  The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. 2024-12-07 4.3 CVE-2024-11353 cluevo–CLUEVO LMS, E-Learning Platform
  The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 4.3 CVE-2024-11444 northernbeacheswebsites–IdeaPush
  The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the “boards” taxonomy. 2024-12-03 4.3 CVE-2024-11844 ASUS–RT-AX55
  An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the ’12/03/2024 ASUS Router Improper Input Validation’ section on the ASUS Security Advisory for more information. 2024-12-04 4.4 CVE-2024-11985 kofimokome–Message Filter for Contact Form 7
  The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. 2024-12-07 4.3 CVE-2024-12026 kofimokome–Message Filter for Contact Form 7
  The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. 2024-12-06 4.3 CVE-2024-12027 nicheaddons–Charity Addon for Elementor
  The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the ‘nacharity_elementor_template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-03 4.3 CVE-2024-12062 getdollie–Dollie Hub Build Your Own WordPress Cloud Platform
  The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 2024-12-04 4.3 CVE-2024-12099 jerryscg–Gold Addons for Elementor
  The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. 2024-12-06 4.3 CVE-2024-12110 ays-pro–Poll Maker Versus Polls, Anonymous Polls, Image Polls
  The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-07 4.3 CVE-2024-12115 Devolutions–Server
  Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. 2024-12-04 4.3 CVE-2024-12148 Mattermost–Mattermost
  Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. 2024-12-05 4.6 CVE-2024-12247 MediaTek, Inc.–MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798
  In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696. 2024-12-02 4.4 CVE-2024-20116 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. 2024-12-03 4.3 CVE-2024-25036 Spring by VMware Tanzu–Spring Security
  The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. 2024-12-02 4.8 CVE-2024-38827 IBM–Cognos Controller
  IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. 2024-12-03 4.3 CVE-2024-45676 Microsoft–Microsoft Edge (Chromium-based)
  Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-12-06 4.3 CVE-2024-49041 Samsung Mobile–Samsung Mobile Devices
  Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. 2024-12-03 4.3 CVE-2024-49411 Samsung Mobile–SmartThings
  Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. 2024-12-03 4 CVE-2024-49416 Samsung Mobile–GamingHub
  Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview. 2024-12-03 4.3 CVE-2024-49419 Samsung Mobile–Quick Share Agent
  Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. 2024-12-03 4.3 CVE-2024-49421 Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
  A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user’s data and altering information within the user’s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user’s session. 2024-12-03 4.8 CVE-2024-51773 Ben Marshall–Jobify – Job Board WordPress Theme
  Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. 2024-12-02 4.3 CVE-2024-52479 vitessio–vitess
  Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. 2024-12-03 4.9 CVE-2024-53257 n/a–n/a
  A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. 2024-12-02 4.8 CVE-2024-53617 Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
  A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. 2024-12-03 4.7 CVE-2024-53672 Ahmet mamolu–Ahmeti Wp Gzel Szler
  Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. 2024-12-02 4.3 CVE-2024-53707 TannerRitchie Web Applications/DancePress–DancePress (TRWA)
  Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11. 2024-12-02 4.3 CVE-2024-53775 E-goi–Smart Marketing SMS and Newsletters Forms
  Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9. 2024-12-02 4.3 CVE-2024-53784 BAKKBONE Australia–FloristPress
  Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. 2024-12-06 4.3 CVE-2024-53799 Kiboko Labs–Namaste! LMS
  Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1. 2024-12-06 4.3 CVE-2024-53809 Ninja Team–Filebird
  Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. 2024-12-06 4.7 CVE-2024-53825 element-hq–synapse
  Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. 2024-12-03 4.3 CVE-2024-53867 nanopb–nanopb
  Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1. 2024-12-02 4.3 CVE-2024-53984 JetBrains–YouTrack
  In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack 2024-12-04 4.2 CVE-2024-54156 JetBrains–YouTrack
  In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector 2024-12-04 4.3 CVE-2024-54157 n/a–n/a
  CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. 2024-12-05 4.3 CVE-2024-54679 ServiceNow–Now Platform
  ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible. 2024-12-02 4.3 CVE-2024-5890 Zyxel–VMG3625-T50B firmware
  A post-authentication buffer overflow vulnerability in the parameter “action” of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. 2024-12-03 4.9 CVE-2024-9197 rstheme2017–Ultimate Coming Soon & Maintenance
  The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ucsm_update_template_name_lite’ function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin’s templates. 2024-12-06 4.3 CVE-2024-9705 totalsoft–Video Gallery YouTube Gallery and Vimeo Gallery
  The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-12-06 4.4 CVE-2024-9769