Vulnerability Summary for the Week of February 5, 2024 | CISA


1panel-dev — 1panel 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6. 2024-02-05 6.5 CVE-2024-24768
security-advisories@github.com acowebs — product_labels_for_woocommerce_(sale_badges) Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS. This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. 2024-02-08 5.9 CVE-2024-24886
audit@patchstack.com allegro_ai — clearml Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords. 2024-02-05 6 CVE-2024-24595
6f8de1f0-f67e-45a6-b68f-98777fdb759c ansible — ansible An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. 2024-02-06 5 CVE-2024-0690
secalert@redhat.com antisamy_project — antisamy AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. Patched in AntiSamy 1.7.5 and later. 2024-02-02 6.1 CVE-2024-23635
security-advisories@github.com apache_software_foundation — ozone Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue. 2024-02-07 5.3 CVE-2023-39196
security@apache.org apollo13themes — apollo13_framework_extensions Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2. 2024-02-08 6.5 CVE-2024-24880
audit@patchstack.com audrasjb — gdpr_data_request_form Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6. 2024-02-08 6.5 CVE-2024-24836
audit@patchstack.com axis_communications_ab — axis_os Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2024-02-05 6.3 CVE-2023-5677
product-security@axis.com axis_communications_ab — axis_os Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. 2024-02-05 5.4 CVE-2023-5800
product-security@axis.com beijing_baichuo — smart_s20_management_platform A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-06 4.7 CVE-2024-1254
cna@vuldb.com beijing_baichuo — smart_s40_management_platform A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-06 4.7 CVE-2024-1253
cna@vuldb.com blockmason — credit-protocol ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-02-04 4.3 CVE-2018-25098
cna@vuldb.com blurams — lumi_security_camera_a31c_firmware An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attacker to execute arbitrary code. 2024-02-02 6.8 CVE-2023-51820
cve@mitre.org br-automation — automation_runtime A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session. 2024-02-05 6.1 CVE-2023-6028
cybersecurity@ch.abb.com ckeditor — ckeditor4 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts. 2024-02-07 6.1 CVE-2024-24815
security-advisories@github.com ckeditor — ckeditor4 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts. 2024-02-07 6.1 CVE-2024-24816
security-advisories@github.com clicktotweet.com — click_to_tweet Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14. 2024-02-10 6.5 CVE-2024-23514
audit@patchstack.com codeastro — employee_task_management_system A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file employee-tasks-phpattendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. 2024-02-03 5.4 CVE-2024-1199
cna@vuldb.com codeastro — restaurant_pos_system A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011. 2024-02-07 6.3 CVE-2024-1268
cna@vuldb.com creative_themes — blocksy Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19. 2024-02-08 6.5 CVE-2024-24871
audit@patchstack.com cryptlib — cryptlib A security vulnerability has been identified in the cryptlib cryptographic library. When cryptlib is compiled with support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it is vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using the server’s certificate. 2024-02-05 5.9 CVE-2024-0202
patrick@puiterwijk.org cups_easy — cups_easy A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. 2024-02-02 6.1 CVE-2024-23895
cve-coordination@incibe.es dan_dulaney — dan’s_embedder_for_google_calendar Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dan Dulaney Dan’s Embedder for Google Calendar allows Stored XSS. This issue affects Dan’s Embedder for Google Calendar: from n/a through 1.2. 2024-02-05 6.5 CVE-2023-51504
audit@patchstack.com dell — appsync Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. 2024-02-08 6.2 CVE-2024-22464
security_alert@emc.com dell — cpg_bios Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service. 2024-02-06 6.7 CVE-2023-28063
security_alert@emc.com dell — dell_bsafe_ssl-j Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user. 2024-02-10 4.4 CVE-2023-28077
security_alert@emc.com dell — dell_command_monitor Dell Command | Monitor, versions prior to 10.9, contain an arbitrary folder deletion vulnerability. A locally authenticated malicious user may exploit this vulnerability in order to perform a privileged arbitrary file delete. 2024-02-06 4.7 CVE-2023-28049
security_alert@emc.com dell — dell_display_manager Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. 2024-02-06 6.6 CVE-2023-32474
security_alert@emc.com dell — dell_encryption Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installed directory and taking a reverse shell of the system, leading to Privilege Escalation. 2024-02-06 6.7 CVE-2023-32479
security_alert@emc.com dell — dup_framework DUP framework version 4.9.4.36 and prior contains an insecure operation on Windows junction/mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary files, leading to denial of service. 2024-02-06 6.3 CVE-2023-32454
security_alert@emc.com dev.dans-art — add_customer_for_woocommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dan’s Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7. 2024-02-05 4.8 CVE-2024-24841
audit@patchstack.com elastic — apm_server An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs. 2024-02-07 5.7 CVE-2024-23448
bressers@elastic.co elastic — elastic_network_drive_connector An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. 2024-02-07 5.3 CVE-2024-23447
bressers@elastic.co elastic — kibana An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index. 2024-02-07 6.5 CVE-2024-23446
bressers@elastic.co emerson — rosemount_gc370xa In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. 2024-02-09 6.9 CVE-2023-43609
ics-cert@hq.dhs.gov emerson — rosemount_gc370xa In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. 2024-02-09 6.9 CVE-2023-49716
ics-cert@hq.dhs.gov enalean — tuleap Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition. 2024-02-06 5.3 CVE-2024-23344
security-advisories@github.com envoyproxy — envoy Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-09 4.3 CVE-2024-23323
security-advisories@github.com fivestarplugins — five_star_restaurant_menu Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS. This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5. 2024-02-05 5.4 CVE-2024-24838
audit@patchstack.com forum_one — wp-cfm Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8. 2024-02-07 5.4 CVE-2024-24706
audit@patchstack.com frappe — frappe Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if a user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available. 2024-02-07 5.4 CVE-2024-24812
security-advisories@github.com galleon — eap_eap-xp_servers An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. 2024-02-06 6.8 CVE-2023-4503
secalert@redhat.com getsentry — sentry Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-09 4.3 CVE-2024-24829
security-advisories@github.com gitlab — gitlab An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches. 2024-02-08 6.5 CVE-2023-6564
cve@gitlab.com gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.6.7, all versions starting from 16.7 before 16.7.5, all versions starting from 16.8 before 16.8.2. It was possible for an attacker to cause a client-side denial of service using maliciously crafted content in the CODEOWNERS file. 2024-02-07 6.5 CVE-2023-6736
cve@gitlab.com gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR. 2024-02-07 6.7 CVE-2023-6840
cve@gitlab.com gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to cause resource exhaustion using GraphQL `vulnerabilitiesCountByDay`. 2024-02-07 6.5 CVE-2024-1066
cve@gitlab.com globalscape — cuteftp A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1190
cna@vuldb.com gnu — coreutils A flaw was found in the GNU coreutils “split” program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. 2024-02-06 5.5 CVE-2024-0684
patrick@puiterwijk.org google — android In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. 2024-02-05 6.7 CVE-2024-20001
security@mediatek.com google — android In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. 2024-02-05 6.7 CVE-2024-20002
security@mediatek.com google — android In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. 2024-02-05 6.7 CVE-2024-20010
security@mediatek.com google — android In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. 2024-02-05 6.7 CVE-2024-20012
security@mediatek.com google — android In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. 2024-02-05 6.7 CVE-2024-20013
security@mediatek.com google — android In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07835901; Issue ID: ALPS07835901. 2024-02-05 4.4 CVE-2024-20016
security@mediatek.com graylog — graylog Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else’s browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limit the attack vector. Unpatched, this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable. 2024-02-07 5.7 CVE-2024-24823
security-advisories@github.com hcl — bigfix A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to exploit an application parameter during execution of the Save Report. 2024-02-03 6.5 CVE-2023-37528
psirt@hcl.com hcl — devops_deploy HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. 2024-02-03 6.2 CVE-2024-23550
psirt@hcl.com hcl_software — hcl_sametime Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. 2024-02-09 5.9 CVE-2023-50349
psirt@hcl.com hcl_software — hcl_sametime Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser. 2024-02-10 4 CVE-2023-45696
psirt@hcl.com hcl_software — hcl_sametime Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks. 2024-02-10 4.8 CVE-2023-45698
psirt@hcl.com hcltech — bigfix_platform A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. 2024-02-02 6.1 CVE-2023-37527
psirt@hcl.com hcltech — bigfix_platform A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. 2024-02-02 5.4 CVE-2024-23553
psirt@hcl.com hid_global — hid_iclass_se_reader_configuration_cards Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. 2024-02-07 5.3 CVE-2024-23806
ics-cert@hq.dhs.gov hid_global — iclass_se_cp1000_encoder Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. 2024-02-06 5.9 CVE-2024-22388
ics-cert@hq.dhs.gov howard_ehrenberg — custom_post_carousels_with_owl Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Howard Ehrenberg Custom Post Carousels with Owl allows Stored XSS. This issue affects Custom Post Carousels with Owl: from n/a through 1.4.6. 2024-02-10 6.5 CVE-2023-51493
audit@patchstack.com ibm — aspera_faspex IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441. 2024-02-02 5.4 CVE-2022-40744
psirt@us.ibm.com ibm — business_automation_workflow IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. 2024-02-04 5.4 CVE-2023-50947
psirt@us.ibm.com ibm — engineering_lifecycle_optimization_publishing IBM Engineering Lifecycle Optimization – Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749. 2024-02-09 6.3 CVE-2023-45187
psirt@us.ibm.com ibm — engineering_lifecycle_optimization_publishing IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754. 2024-02-09 5.1 CVE-2023-45190
psirt@us.ibm.com ibm — i_access_client_solutions IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user’s session. The hostile server could capture the NTLM hash information to obtain the user’s credentials. IBM X-Force ID: 279091. 2024-02-09 5.1 CVE-2024-22318
psirt@us.ibm.com ibm — integration_bus_for_z/os The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972. 2024-02-09 6.5 CVE-2024-22332
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 275113. 2024-02-02 6.1 CVE-2023-50933
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115. 2024-02-02 6.5 CVE-2023-50935
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109. 2024-02-02 5.3 CVE-2023-50327
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. 2024-02-02 5.3 CVE-2023-50328
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 uses single-factor authentication which can lead to unnecessary risk of compromise when compared with the benefits of a dual-factor authentication scheme. IBM X-Force ID: 275114. 2024-02-02 5.3 CVE-2023-50934
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131. 2024-02-02 5.4 CVE-2023-50941
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the “HTTP Strict Transport Security” (HSTS) web security policy mechanism. IBM X-Force ID: 276004. 2024-02-02 5.9 CVE-2023-50962
psirt@us.ibm.com ibm — powersc IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128. 2024-02-02 4.3 CVE-2023-50938
psirt@us.ibm.com ibm — powervm_hypervisor IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695. 2024-02-06 5.3 CVE-2023-46183
psirt@us.ibm.com ibm — security_access_manager_container IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254657. 2024-02-07 5.5 CVE-2023-31002
psirt@us.ibm.com ibm — security_verify_access_appliance/security_verify_access_docker IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972. 2024-02-03 5.5 CVE-2023-32329
psirt@us.ibm.com ibm — semeru_runtime IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 – 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222. 2024-02-10 5.9 CVE-2024-22361
psirt@us.ibm.com ibm — soar_qradar_plugin_app IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. 2024-02-02 6.5 CVE-2023-38019
psirt@us.ibm.com ibm — soar_qradar_plugin_app IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. 2024-02-02 4.3 CVE-2023-38020
psirt@us.ibm.com ibm — sterling_b2b_integrator IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827. 2024-02-09 6.5 CVE-2023-32341
psirt@us.ibm.com ibm — sterling_b2b_integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559. 2024-02-09 4.3 CVE-2023-42016
psirt@us.ibm.com ibm — storage_ceph IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906. 2024-02-02 6.5 CVE-2023-46159
psirt@us.ibm.com ibm — storage_defender-resiliency_service IBM Storage Defender – Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. 2024-02-10 4.4 CVE-2024-22312
psirt@us.ibm.com ibm — storage_defender_resiliency_service IBM Storage Defender – Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749. 2024-02-10 6.2 CVE-2024-22313
psirt@us.ibm.com ibm — storage_virtualize IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. 2024-02-07 5.9 CVE-2023-47700
psirt@us.ibm.com ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270271. 2024-02-02 6.1 CVE-2023-47144
psirt@us.ibm.com ibm — urbancode_deploy IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) – IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971. 2024-02-06 6.2 CVE-2024-22331
psirt@us.ibm.com ibm — powervm_hypervisor IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could reveal sensitive partition data to a system administrator. IBM X-Force ID: 257135. 2024-02-04 5.3 CVE-2023-33851
psirt@us.ibm.com icinga — icingaweb2-module-incubator icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipflWebForm` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client’s submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-02-09 5.3 CVE-2024-24819
security-advisories@github.com if_so_plugin — if-so_dynamic_content_personalization Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in If So Plugin If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through 1.6.3.1. 2024-02-10 6.5 CVE-2023-51492
audit@patchstack.com indent — indent_2.2.13 A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash. 2024-02-06 5.5 CVE-2024-0911
patrick@puiterwijk.org itop — vpn A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1195
cna@vuldb.com jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL 2024-02-06 5.3 CVE-2024-24941
cve@jetbrains.com jetbrains — intellij_idea In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives 2024-02-06 4.3 CVE-2024-24940
cve@jetbrains.com jetbrains — rider In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible 2024-02-06 5.3 CVE-2024-24939
cve@jetbrains.com jetbrains — teamcity In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed 2024-02-06 5.3 CVE-2024-24936
cve@jetbrains.com jetbrains — teamcity In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible 2024-02-06 5.4 CVE-2024-24937
cve@jetbrains.com jetbrains — teamcity In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation 2024-02-06 5.3 CVE-2024-24938
cve@jetbrains.com jetbrains — teamcity In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives 2024-02-06 5.3 CVE-2024-24942
cve@jetbrains.com jetbrains — toolbox In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image 2024-02-06 5.5 CVE-2024-24943
cve@jetbrains.com jgadbois — calculatorpro_calculators Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS. This issue affects CalculatorPro Calculators: from n/a through 1.1.7. 2024-02-05 6.1 CVE-2024-24847
audit@patchstack.com jspxcms — jspxcms A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability. 2024-02-03 5.3 CVE-2024-1200
cna@vuldb.com juanpao — jpshop A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. 2024-02-06 6.3 CVE-2024-1259
cna@vuldb.com juanpao — jpshop A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. 2024-02-06 6.3 CVE-2024-1260
cna@vuldb.com juanpao — jpshop A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. 2024-02-06 6.3 CVE-2024-1261
cna@vuldb.com juanpao — jpshop A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability. 2024-02-06 6.3 CVE-2024-1262
cna@vuldb.com juanpao — jpshop A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability. 2024-02-06 6.3 CVE-2024-1263
cna@vuldb.com juanpao — jpshop A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003. 2024-02-07 6.3 CVE-2024-1264
cna@vuldb.com leanote — leanote Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR. 2024-02-07 5.5 CVE-2024-0849
help@fluidattacks.com leap13 — premium_addons_for_elementor Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through 4.10.16. 2024-02-10 6.5 CVE-2024-24831
audit@patchstack.com libexpat_project — libexpat libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. 2024-02-04 5.5 CVE-2023-52426
cve@mitre.org liferay — portal/dxp The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images. 2024-02-07 6.5 CVE-2024-25143
security@liferay.com liferay — portal/dxp Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. 2024-02-08 5.4 CVE-2023-47798
security@liferay.com liferay — portal/dxp Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used. 2024-02-08 5.3 CVE-2024-25146
security@liferay.com liferay — portal/dxp In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. 2024-02-08 5.4 CVE-2024-25148
security@liferay.com liferay — portal/dxp The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame. 2024-02-08 4.1 CVE-2024-25144
security@liferay.com linecorp — central_dogma Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. 2024-02-02 6.1 CVE-2024-1143
dl_cve@linecorp.com linksys — wrt54gl A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-09 4.3 CVE-2024-1404
cna@vuldb.com linksys — wrt54gl A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-10 4.3 CVE-2024-1405
cna@vuldb.com linksys — wrt54gl A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-10 4.3 CVE-2024-1406
cna@vuldb.com linux — kernel A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. 2024-02-04 6.5 CVE-2023-6240
secalert@redhat.com linux — kernel A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. 2024-02-07 6.5 CVE-2023-6356
secalert@redhat.com linux — kernel A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. 2024-02-07 6.5 CVE-2023-6535
secalert@redhat.com linux — kernel A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. 2024-02-07 6.5 CVE-2023-6536
secalert@redhat.com linux — kernel A race condition was found in the Linux kernel’s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. 2024-02-05 6.8 CVE-2024-24857
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. 2024-02-05 6.3 CVE-2024-24861
security@openanolis.org linux — kernel A use-after-free flaw was found in the Linux kernel’s Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. 2024-02-08 5.1 CVE-2024-1312
secalert@redhat.com linux — kernel A race condition was found in the Linux kernel’s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in L2CAP connection or broadcast abnormality issue, possibly leading to denial of service. 2024-02-05 5.3 CVE-2024-24858
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. 2024-02-05 4.7 CVE-2024-22386
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. 2024-02-05 4.7 CVE-2024-23196
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. 2024-02-05 4.7 CVE-2024-24855
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading to denial of service. 2024-02-05 4.8 CVE-2024-24859
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. 2024-02-05 4.6 CVE-2024-24860
security@openanolis.org linux — kernel A race condition was found in the Linux kernel’s media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. 2024-02-05 4.7 CVE-2024-24864
security@openanolis.org lê_văn_toản — woocommerce_vietnam_checkout Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS. This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7. 2024-02-08 5.9 CVE-2024-24885
audit@patchstack.com m2crypto — m2crypto A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. 2024-02-05 5.9 CVE-2023-50781
secalert@redhat.com mark_kinchin — beds24_online_booking Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23. 2024-02-10 5.9 CVE-2024-24717
audit@patchstack.com mattermost — mattermost Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post. 2024-02-09 4.3 CVE-2024-1402
responsibledisclosure@mattermost.com michael_dempfle — advanced_iframe Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10. 2024-02-05 6.5 CVE-2024-24870
audit@patchstack.com micronaut-projects — micronaut-core Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are “simple” and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade. 2024-02-09 5.1 CVE-2024-23639
security-advisories@github.com mightythemes — mighty_addons Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS. This issue affects Mighty Addons for Elementor: from n/a through 1.9.3. 2024-02-05 6.1 CVE-2024-24846
audit@patchstack.com miraheze — managewiki ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability. 2024-02-09 6.5 CVE-2024-25109
security-advisories@github.com miraheze — wikidiscover WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability. 2024-02-08 4.9 CVE-2024-25107
security-advisories@github.com mjssoftware — sign_ups Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS. This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4. 2024-02-05 6.1 CVE-2024-24848
audit@patchstack.com mozilla — firefox When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. 2024-02-05 6.1 CVE-2024-0953
security@mozilla.org mpedraza2020 — intranet_del_monterroso A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dni_profe leads to sql injection. Upgrading to version 4.51.0 is able to address this issue. The identifier of the patch is 678190bee1dfd64b54a2b0e88abfd009e78adce8. It is recommended to upgrade the affected component. The identifier VDB-252717 was assigned to this vulnerability. 2024-02-04 5.5 CVE-2019-25159
cna@vuldb.com mrcms — mrcms MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. 2024-02-02 5.4 CVE-2024-24160
cve@mitre.org munsoft — easy_archive_recovery A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1186
cna@vuldb.com munsoft — easy_outlook_express_recovery A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1187
cna@vuldb.com nagios — nagios_xi A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality from the Operation Center section. This allows any authenticated user to execute arbitrary JavaScript code on behalf of other users, including the administrators. 2024-02-02 5.4 CVE-2023-51072
cve@mitre.org nationalkeep — cybermath Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Reflected XSS. This issue affects CyberMath: from v.1.4 before v.1.5. 2024-02-02 6.1 CVE-2023-6673
iletisim@usom.gov.tr nationalkeep — cybermath Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in National Keep Cyber Security Services CyberMath allows Stored XSS. This issue affects CyberMath: from v1.4 before v1.5. 2024-02-02 5.4 CVE-2023-6672
iletisim@usom.gov.tr navicat — navicat A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Conecction Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1193
cna@vuldb.com netapp — storagegrid_(formerly_storagegrid_webscale) StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service. 2024-02-05 6.5 CVE-2023-27318
security-alert@netapp.com noahkagan — scroll_triggered_box Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3. 2024-02-05 5.4 CVE-2024-24865
audit@patchstack.com nonebot — nonebot2 nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template. 2024-02-09 5.7 CVE-2024-21624
security-advisories@github.com nsasoft — network_bandwidth_monitor A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1185
cna@vuldb.com nsasoft — network_sleuth A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1184
cna@vuldb.com openbi — openbi A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696. 2024-02-03 6.3 CVE-2024-1198
cna@vuldb.com openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. 2024-02-02 6.2 CVE-2024-21863
scy@openharmony.io openharmony — openharmony OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. 2024-02-02 5.5 CVE-2023-43756
scy@openharmony.io openharmony — openharmony OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. 2024-02-02 5.5 CVE-2023-49118
scy@openharmony.io openharmony — openharmony OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input. 2024-02-02 5.5 CVE-2024-0285
scy@openharmony.io phpems — phpems A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. 2024-02-09 6.3 CVE-2024-1353
cna@vuldb.com pimcore — admin_ui_classic_bundle Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. 2024-02-07 6.5 CVE-2024-24822
security-advisories@github.com plotly — dash Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that’s visible to another user who opens that view – not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user. 2024-02-02 5.4 CVE-2024-21485
report@snyk.io pyload — pyload pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. 2024-02-06 4.7 CVE-2024-24808
security-advisories@github.com python — cryptography A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. 2024-02-05 5.9 CVE-2023-50782
secalert@redhat.com qnap — photo_station A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 (2023/12/15) and later. 2024-02-02 5.4 CVE-2023-47561
security@qnapsecurity.com.tw qnap — qts An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651 and later; QTS 4.5.4.2627 build 20231225 and later. 2024-02-02 6.5 CVE-2023-32967
security@qnapsecurity.com.tw qnap — qts An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later. 2024-02-02 6.7 CVE-2023-50359
security@qnapsecurity.com.tw qnap — qts A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.1.2.2534 build 20230927 and later; QuTScloud c5.1.5.2651 and later. 2024-02-02 4.9 CVE-2023-41274
security@qnapsecurity.com.tw qnap — qts A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. 2024-02-02 4.9 CVE-2023-45026
security@qnapsecurity.com.tw qnap — qts A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. 2024-02-02 4.9 CVE-2023-45027
security@qnapsecurity.com.tw qnap — qts An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later. 2024-02-02 4.9 CVE-2023-45028
security@qnapsecurity.com.tw qualcomm — aqt1000_firmware Transient DOS in Audio when invoking callback function of ASM driver. 2024-02-06 5.5 CVE-2023-33064
product-security@qualcomm.com qualcomm — ar8035_firmware Transient DOS in Core when DDR memory check is called while DDR is not initialized. 2024-02-06 5.5 CVE-2023-33060
product-security@qualcomm.com rapidscada — rapid_scada In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. 2024-02-02 6.5 CVE-2024-22096
ics-cert@hq.dhs.gov rapidscada — rapid_scada In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. 2024-02-02 5.4 CVE-2024-21794
ics-cert@hq.dhs.gov rapidscada — rapid_scada In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. 2024-02-02 5.3 CVE-2024-21866
ics-cert@hq.dhs.gov rapidscada — rapid_scada In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. 2024-02-02 5.5 CVE-2024-21869
ics-cert@hq.dhs.gov rdkcentral — rdk-b In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. 2024-02-05 6.7 CVE-2024-20006
security@mediatek.com realmag777 — active_products_tables_for_woocommerce_professional_products_tables_for_woocommerce_store Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6. 2024-02-10 6.5 CVE-2023-51480
audit@patchstack.com realmag777 — bear_bulk_editor_and_products_manager_professional_for_woocommerce_by_pluginus.net Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4. 2024-02-08 5.9 CVE-2024-24834
audit@patchstack.com remyandrade — testimonial_page_manager A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability. 2024-02-02 6.1 CVE-2024-1196
cna@vuldb.com rizonesoft — notepad3 A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-02 5.5 CVE-2024-1188
cna@vuldb.com samsung — galaxy_store Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. 2024-02-06 5.5 CVE-2024-20822
mobile.security@samsung.com samsung — galaxy_store Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. 2024-02-06 5.5 CVE-2024-20823
mobile.security@samsung.com samsung — galaxy_store Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. 2024-02-06 5.5 CVE-2024-20824
mobile.security@samsung.com samsung — galaxy_store Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. 2024-02-06 5.5 CVE-2024-20825
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Out-of-bounds write vulnerability in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger a buffer overflow. 2024-02-06 6.6 CVE-2024-20817
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Out-of-bounds write vulnerability in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger a buffer overflow. 2024-02-06 6.6 CVE-2024-20818
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Out-of-bounds write vulnerability in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger a buffer overflow. 2024-02-06 6.6 CVE-2024-20819
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. 2024-02-06 5.1 CVE-2024-20811
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Out-of-bounds read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows an attacker to access unauthorized information. 2024-02-06 4 CVE-2024-20814
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows an attacker to cause an out-of-bounds read. 2024-02-06 4.4 CVE-2024-20820
mobile.security@samsung.com samsung_mobile — samsung_mobile_devices Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using a physical keyboard on the lockscreen. 2024-02-06 4.6 CVE-2024-20827
mobile.security@samsung.com samsung_mobile — uphelper Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent. 2024-02-06 5.5 CVE-2024-20826
mobile.security@samsung.com sepidz — sepidzdigitalmenu A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-06 5.3 CVE-2024-1255
cna@vuldb.com snow_software — snow_inventory_agent Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof. This issue affects Snow Inventory Agent: through 6.14.5. Customers are advised to upgrade to version 7.0. 2024-02-08 6 CVE-2023-7169
security@snowsoftware.com solar-log — 2000_pm+_firmware A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. 2024-02-02 5.4 CVE-2023-46344
cve@mitre.org spring_security — spring_security The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. 2024-02-05 4.1 CVE-2023-34042
security@vmware.com stimulsoft — dashboards Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field. 2024-02-05 5.4 CVE-2024-24397
cve@mitre.org suite_crm — suite_crm Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. 2024-02-07 5 CVE-2023-6388
help@fluidattacks.com tenable — nessus A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. 2024-02-07 6.5 CVE-2024-0971
vulnreport@tenable.com tenable — nessus A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts. 2024-02-07 4.8 CVE-2024-0955
vulnreport@tenable.com thorsten — phpmyfaq phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The ‘sharing FAQ’ functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application’s email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5. 2024-02-05 6.5 CVE-2024-22208
security-advisories@github.com thorsten — phpmyfaq phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. 2024-02-05 6.5 CVE-2024-24574
security-advisories@github.com thorsten — phpmyfaq phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ’s user removal page allows an attacker to spoof another user’s detail, and in turn make a compelling phishing case for removing another user’s account. The front-end of this page doesn’t allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5. 2024-02-05 5.7 CVE-2024-22202
security-advisories@github.com tongda — oa_2017 A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-02-06 5.5 CVE-2024-1251
cna@vuldb.com tongda — oa_2017 A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991. 2024-02-06 5.5 CVE-2024-1252
cna@vuldb.com ujcms — jspxcms A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996. 2024-02-06 6.1 CVE-2024-1257
cna@vuldb.com ujcms — jspxcms A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995. 2024-02-06 4.3 CVE-2024-1256
cna@vuldb.com vercel — pkg pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security. 2024-02-09 6.6 CVE-2024-24828
security-advisories@github.com vmware — aria_operations_for_networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. 2024-02-06 4.8 CVE-2024-22238
security@vmware.com vmware — aria_operations_for_networks Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. 2024-02-06 4.9 CVE-2024-22240
security@vmware.com vmware — aria_operations_for_networks Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.   2024-02-06 4.8 CVE-2024-22241
security@vmware.com websoudan — mw_wp_form Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6. 2024-02-10 6.5 CVE-2024-24804
audit@patchstack.com westermo — lynx A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. 2024-02-06 6.6 CVE-2023-45213
ics-cert@hq.dhs.gov westermo — lynx An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “forward.0.domain” parameter. 2024-02-06 5.4 CVE-2023-40143
ics-cert@hq.dhs.gov westermo — lynx An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. 2024-02-06 5.7 CVE-2023-40544
ics-cert@hq.dhs.gov westermo — lynx An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “username” parameter in the SNMP configuration. 2024-02-06 5.4 CVE-2023-42765
ics-cert@hq.dhs.gov westermo — lynx An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “autorefresh” parameter. 2024-02-06 5.4 CVE-2023-45222
ics-cert@hq.dhs.gov westermo — lynx An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the “dns.0.server” parameter. 2024-02-06 5.4 CVE-2023-45227
ics-cert@hq.dhs.gov western_digital — my_cloud_os_5 Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.  2024-02-05 5.5 CVE-2023-22817
psirt@wdc.com western_digital — my_cloud_os_5 An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161. 2024-02-05 4.9 CVE-2023-22819
psirt@wdc.com wolfssl — wolfssl wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: `--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"`. The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with `--enable-all`, is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However, the server’s private key is not exposed. 2024-02-09 5.9 CVE-2023-6935
facts@wolfssl.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS. This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7. 2024-02-10 6.5 CVE-2023-51404
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform allows Stored XSS. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 3.2.2. 2024-02-10 6.5 CVE-2023-51415
audit@patchstack.com wordpress — wordpress The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-08 6.4 CVE-2023-5665
security@wordfence.com wordpress — wordpress The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin’s shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2023-6526
security@wordfence.com wordpress — wordpress The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2023-6982
security@wordfence.com wordpress — wordpress The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. 2024-02-05 6.5 CVE-2023-6985
security@wordfence.com wordpress — wordpress The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6. 2024-02-05 6.4 CVE-2023-7029
security@wordfence.com wordpress — wordpress The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0254
security@wordfence.com wordpress — wordpress The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-07 6.4 CVE-2024-0256
security@wordfence.com wordpress — wordpress The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0448
security@wordfence.com wordpress — wordpress The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0508
security@wordfence.com wordpress — wordpress The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-02-05 6.1 CVE-2024-0509
security@wordfence.com wordpress — wordpress The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.5 CVE-2024-0586
security@wordfence.com wordpress — wordpress The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-05 6.1 CVE-2024-0660
security@wordfence.com wordpress — wordpress The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the ‘process_bulk_action’ function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-02-05 6.6 CVE-2024-0668
security@wordfence.com wordpress — wordpress The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘available-days-tf’ parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.5 CVE-2024-0678
security@wordfence.com wordpress — wordpress The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘add_image_from_url’ function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-02-05 6.6 CVE-2024-0699
security@wordfence.com wordpress — wordpress The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0834
security@wordfence.com wordpress — wordpress The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the ‘data-eael-wrapper-link’ wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0954
security@wordfence.com wordpress — wordpress The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-0961
security@wordfence.com wordpress — wordpress The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-02-07 6.1 CVE-2024-1037
security@wordfence.com wordpress — wordpress The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin ‘reg-number-field’ shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 6.4 CVE-2024-1046
security@wordfence.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1. 2024-02-10 6.5 CVE-2024-23516
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10. 2024-02-10 6.5 CVE-2024-23517
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30. 2024-02-10 6.5 CVE-2024-24712
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5. 2024-02-10 6.5 CVE-2024-24713
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0. 2024-02-10 6.5 CVE-2024-24801
audit@patchstack.com wordpress — wordpress Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9. 2024-02-10 6.5 CVE-2024-24803
audit@patchstack.com wordpress — wordpress The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts. 2024-02-05 5.3 CVE-2023-6557
security@wordfence.com wordpress — wordpress The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2023-6701
security@wordfence.com wordpress — wordpress The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2023-6807
security@wordfence.com wordpress — wordpress The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2023-6808
security@wordfence.com wordpress — wordpress This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the ‘place_id’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2023-6884
security@wordfence.com wordpress — wordpress The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting ‘g-recaptcha-response’ from the ‘data’ array. 2024-02-05 5.3 CVE-2023-6963
security@wordfence.com wordpress — wordpress The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the ‘ma_debu’ parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. 2024-02-05 5.3 CVE-2023-7014
security@wordfence.com wordpress — wordpress The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wprm-recipe-text-share’ shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2024-0255
security@wordfence.com wordpress — wordpress The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the ‘header_tag’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2024-0382
security@wordfence.com wordpress — wordpress The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2024-0384
security@wordfence.com wordpress — wordpress The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2024-0585
security@wordfence.com wordpress — wordpress The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. 2024-02-10 5.3 CVE-2024-0596
security@wordfence.com wordpress — wordpress The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.5 CVE-2024-0659
security@wordfence.com wordpress — wordpress The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import. 2024-02-05 5.5 CVE-2024-0691
security@wordfence.com wordpress — wordpress The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the ‘Disabled registration’ Membership feature within the plugin’s General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator. 2024-02-05 5.3 CVE-2024-0701
security@wordfence.com wordpress — wordpress The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request. 2024-02-05 5.4 CVE-2024-0790
security@wordfence.com wordpress — wordpress The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Link To’ url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-05 5.4 CVE-2024-0823
security@wordfence.com wordpress — wordpress The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-03 5.4 CVE-2024-0895
security@wordfence.com wordpress — wordpress The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied ‘location’ attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-02 5.4 CVE-2024-0963
security@wordfence.com wordpress — wordpress The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s page restriction and view page content. 2024-02-08 5.3 CVE-2024-0965
security@wordfence.com wordpress — wordpress The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin’s “Default Restriction” feature and view restricted post content. 2024-02-05 5.3 CVE-2024-0969
security@wordfence.com wordpress — wordpress The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. 2024-02-02 5.3 CVE-2024-1047
security@wordfence.com wordpress — wordpress The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-07 5.4 CVE-2024-1055
security@wordfence.com wordpress — wordpress The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filter_array’ parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-02-02 5.4 CVE-2024-1073
security@wordfence.com wordpress — wordpress The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. 2024-02-07 5.3 CVE-2024-1079
security@wordfence.com wordpress — wordpress The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin’s tracking data and podcast information. 2024-02-07 5.3 CVE-2024-1109
security@wordfence.com wordpress — wordpress The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin’s settings. 2024-02-07 5.3 CVE-2024-1110
security@wordfence.com wordpress — wordpress The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. 2024-02-05 5.3 CVE-2024-1121
security@wordfence.com wordpress — wordpress The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. 2024-02-09 5.3 CVE-2024-1122
security@wordfence.com wordpress — wordpress The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs. 2024-02-05 5.3 CVE-2024-1177
security@wordfence.com wordpress — wordpress The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. 2024-02-05 5.3 CVE-2024-1208
security@wordfence.com wordpress — wordpress The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. 2024-02-05 5.3 CVE-2024-1209
security@wordfence.com wordpress — wordpress The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. 2024-02-05 5.3 CVE-2024-1210
security@wordfence.com wordpress — wordpress The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. 2024-02-05 4.3 CVE-2023-4637
security@wordfence.com wordpress — wordpress The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin. 2024-02-05 4.9 CVE-2023-6953
security@wordfence.com wordpress — wordpress The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the ‘Recaptcha Site Key’ and ‘Recaptcha Secret Key’ settings. 2024-02-05 4.3 CVE-2023-6959
security@wordfence.com wordpress — wordpress The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta. 2024-02-05 4.3 CVE-2023-6983
security@wordfence.com wordpress — wordpress The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings. 2024-02-05 4.3 CVE-2024-0366
security@wordfence.com wordpress — wordpress The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘save_view’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. 2024-02-05 4.3 CVE-2024-0370
security@wordfence.com wordpress — wordpress The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘create_view’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. 2024-02-05 4.3 CVE-2024-0371
security@wordfence.com wordpress — wordpress The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘get_form_fields’ function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. 2024-02-05 4.3 CVE-2024-0372
security@wordfence.com wordpress — wordpress The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the ‘save_view’ function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-05 4.3 CVE-2024-0373
security@wordfence.com wordpress — wordpress The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the ‘create_view’ function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-05 4.3 CVE-2024-0374
security@wordfence.com wordpress — wordpress The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the ‘icon’ attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. 2024-02-05 4.3 CVE-2024-0380
security@wordfence.com wordpress — wordpress The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-08 4.3 CVE-2024-0511
security@wordfence.com wordpress — wordpress The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails. 2024-02-10 4.3 CVE-2024-0595
security@wordfence.com wordpress — wordpress The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-02-05 4.4 CVE-2024-0597
security@wordfence.com wordpress — wordpress The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-02-05 4.4 CVE-2024-0612
security@wordfence.com wordpress — wordpress The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-02-05 4.4 CVE-2024-0630
security@wordfence.com wordpress — wordpress The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as ‘ilj_settings_field_links_per_page’ in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-02-09 4.4 CVE-2024-0657
security@wordfence.com wordpress — wordpress The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. 2024-02-05 4.3 CVE-2024-0791
security@wordfence.com wordpress — wordpress The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-05 4.3 CVE-2024-0796
security@wordfence.com wordpress — wordpress The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. 2024-02-05 4.3 CVE-2024-0797
security@wordfence.com wordpress — wordpress The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values. 2024-02-05 4.3 CVE-2024-0835
security@wordfence.com wordpress — wordpress The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-05 4.3 CVE-2024-0859
security@wordfence.com wordpress — wordpress The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin’s timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image. 2024-02-07 4.4 CVE-2024-0977
security@wordfence.com wordpress — wordpress The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. 2024-02-07 4.3 CVE-2024-1078
security@wordfence.com wordpress — wordpress The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. 2024-02-05 4.3 CVE-2024-1092
security@wordfence.com wordpress — wordpress The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-02-02 4.3 CVE-2024-1162
security@wordfence.com wp_hosting — pay_with_vipps_and_mobilepay_for_woocommerce Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS. This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13. 2024-02-10 6.5 CVE-2023-51485
audit@patchstack.com wpsc-plugin — structured_content Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1. 2024-02-05 5.4 CVE-2024-24839
audit@patchstack.com xunruicms — xunruicms Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. 2024-02-02 6.1 CVE-2024-24388
cve@mitre.org zabbix — zabbix The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. 2024-02-09 5.5 CVE-2024-22119
security@zabbix.com


