ReportizFlow
Filtered by vendor
Subscriptions
Total
322985 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7059 | 1 Genetec | 1 Security Center | 2024-11-10 | 8 High |
| A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. | ||||
| CVE-2024-44952 | 1 Redhat | 1 Enterprise Linux | 2024-11-09 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-47463 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2024-47462 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2024-47461 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 7.2 High |
| An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. | ||||
| CVE-2024-47460 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 9 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-42509 | 1 Arubanetworks | 2 Arubaos, Instant | 2024-11-09 | 9.8 Critical |
| Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2024-9180 | 1 Hashicorp | 1 Vault | 2024-11-09 | 7.2 High |
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | ||||
| CVE-2024-44021 | 1 Truepush | 1 Truepush | 2024-11-09 | 5.4 Medium |
| Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8. | ||||
| CVE-2024-44031 | 1 Beardev | 1 Joomsport | 2024-11-09 | 4.3 Medium |
| Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3. | ||||
| CVE-2024-44052 | 1 Helloasso | 1 Helloasso | 2024-11-09 | 4.3 Medium |
| Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10. | ||||
| CVE-2024-10028 | 1 Everestthemes | 1 Everest Backup | 2024-11-09 | 7.5 High |
| The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup. | ||||
| CVE-2024-10647 | 1 Westguardsolutions | 1 Ws Form | 2024-11-09 | 6.1 Medium |
| The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-10535 | 1 Martinvalchev | 1 Video Gallery For Woocommerce | 2024-11-09 | 5.3 Medium |
| The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory. | ||||
| CVE-2024-10543 | 1 Tumult | 1 Tumult Hype Animations | 2024-11-09 | 4.3 Medium |
| The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information. | ||||
| CVE-2024-6626 | 2 Theinnovs, Thelnnovs | 2 Eleforms, Eleforms | 2024-11-09 | 5.3 Medium |
| The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions. | ||||
| CVE-2024-9307 | 1 Themelooks | 2 Mfolio, Mfolio Lite | 2024-11-09 | 9.9 Critical |
| The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file. | ||||
| CVE-2024-43998 | 1 Websiteinwp | 1 Blogpoet | 2024-11-09 | 6.5 Medium |
| Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | ||||
| CVE-2024-43982 | 2 Geek Code Lab, Geekcodelab | 2 Login As Users, Login As Users | 2024-11-09 | 8.8 High |
| Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3. | ||||
| CVE-2024-43981 | 1 Ayecode | 1 Geodirectory | 2024-11-09 | 4.3 Medium |
| Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70. | ||||