ReportizFlow
Filtered by vendor
Subscriptions
Total
323571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51721 | 1 Blackberry | 1 Secusuite | 2024-11-13 | 7.3 High |
| A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. | ||||
| CVE-2024-48989 | 1 Boschrexrothag | 1 Indradrive Fwa Indrv Mp | 2024-11-13 | 7.5 High |
| A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | ||||
| CVE-2024-10794 | 2024-11-13 | 4.3 Medium | ||
| The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to. | ||||
| CVE-2024-10882 | 2024-11-13 | 6.1 Medium | ||
| The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-10816 | 1 Sodahead | 1 Luna Radio Player | 2024-11-13 | 7.5 High |
| The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-10852 | 2024-11-13 | 4.3 Medium | ||
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings. | ||||
| CVE-2024-8985 | 2024-11-13 | 6.4 Medium | ||
| The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-8935 | 1 Schneider-electric | 3 Modicon M340 Bmxp341000, Modicon Mc80 Bmkc8020301, Modicon Momentum Unity M1e Processor | 2024-11-13 | 7.5 High |
| CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the engineering workstation while a valid user is establishing a communication session. This vulnerability is inherent to Diffie Hellman algorithm which does not protect against Man-In-The-Middle attacks. | ||||
| CVE-2024-8933 | 1 Schneider-electric | 3 Modicon M340, Modicon Mc80, Modicon Momentum Unity M1e Processor | 2024-11-13 | 7.5 High |
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller. | ||||
| CVE-2024-6442 | 1 Zephyrproject | 1 Zephyr | 2024-11-13 | 6.3 Medium |
| In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. | ||||
| CVE-2024-6444 | 1 Zephyrproject | 1 Zephyr | 2024-11-13 | 6.3 Medium |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | ||||
| CVE-2024-50353 | 2 Iowa Computer Gurus, Iowacomputergurus | 2 Aspnetcore.utilites.cloudstorage, Aspnetcore.utilities.cloudstorage | 2024-11-13 | 5.3 Medium |
| ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. This issue was resolved in version 8.0.0 of the library. | ||||
| CVE-2024-47769 | 2 Idurar Project, Idurarapp | 2 Idurar, Idurar | 2024-11-13 | 7.5 High |
| IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location. | ||||
| CVE-2024-43919 | 1 Yarpp | 2 Yarpp, Yet Another Related Posts Plugin | 2024-11-13 | 5.3 Medium |
| Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | ||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | 8.1 High |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | ||||
| CVE-2024-47765 | 1 Jgniecki | 2 Minecraft Motd Parser, Minecraftmotdparser | 2024-11-13 | 6.1 Medium |
| Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. | ||||
| CVE-2024-50491 | 2 Micah Blu, Micahblu | 2 Rvsp Me, Rsvp Me | 2024-11-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9. | ||||
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | ||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0. | ||||
| CVE-2024-43341 | 1 Cozythemes | 1 Hello Agency | 2024-11-13 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5. | ||||