Vulnerability Notes
- CVE-2024-7101 | ForIP Tecnologia Administração PABX 1.x Authentication Form /login usuario sql injection
- CVE-2024-37084 | VMware Spring Cloud Data Flow up to 2.11.3 Skipper Server API unrestricted upload
- CVE-2024-41706 | Archer Trusted Application Data Store cross site scripting
- CVE-2024-41705 | Archer Platform up to 2024.04 Trusted Application Data Store cross site scripting
- CVE-2024-41707 | Archer Platform up to 2024.04 Trusted Application Data Store cross site scripting
- CVE-2024-6972 | Octopus Server prior 2024.1.12759/2024.2.9193 sensitive log file
- CVE-2024-4811 | Octopus Server prior 2023.4.8608/2024.1.12759/2024.2.9193 Project Artifact access control
- CVE-2024-6589 | LearnPress Plugin up to 4.2.6.8.2 on WordPress file inclusion
- CVE-2024-7047 | GitLab Community Edition/Enterprise Edition up to 17.0.4/17.1.2/17.2.0 cross site scripting (Issue 455318)
- CVE-2024-7057 | GitLab Community Edition/Enterprise Edition up to 17.0.4/17.1.2/17.2.0 improper authorization (Issue 458501)
- CVE-2024-7060 | GitLab Community Edition/Enterprise Edition up to 17.0.4/17.1.2/17.2.0 Resultant Export information disclosure (Issue 437894)
- CVE-2024-5067 | GitLab Enterprise Edition up to 17.0.4/17.1.2/17.2.0 Setting information disclosure (Issue 458504)
- CVE-2024-7091 | GitLab Community Edition/Enterprise Edition up to 17.0.4/17.1.2/17.2.0 information disclosure (Issue 408469)
- CVE-2024-0231 | GitLab Community Edition/Enterprise Edition up to 17.0.4/17.1.2/17.2.0 resource injection (Issue 437103)
- CVE-2024-41466 | Tenda FH1201 1.2.0.14 NatStaticSetting page stack-based overflow
- CVE-2024-41460 | Tenda FH1201 1.2.0.14 ip/goform/RouteStatic entrys stack-based overflow
- CVE-2024-41462 | Tenda FH1201 1.2.0.14 ip/goform/DhcpListClient page stack-based overflow
- CVE-2024-41463 | Tenda FH1201 1.2.0.14 ip/goform/addressNat entrys stack-based overflow
- CVE-2024-41465 | Tenda FH1201 1.2.0.14 ip/goform/setcfm funcpara1 stack-based overflow
- CVE-2024-41459 | Tenda FH1201 1.2.0.14 ip/goform/QuickIndex PPPOEPassword stack-based overflow
- CVE-2024-41461 | Tenda FH1201 1.2.0.14 ip/goform/DhcpListClient list1 stack-based overflow
- CVE-2024-41464 | Tenda FH1201 1.2.0.14 ip/goform/RouteStatic mitInterface stack-based overflow
- CVE-2024-36534 | hwameistor 0.14.3 permission
- CVE-2024-36537 | cert-manager 1.14.4 permission
- CVE-2024-40575 | Huawei openGauss 7.3.0 Table Attribute denial of service
- CVE-2024-36533 | volcano 1.8.2 permission
- CVE-2024-36536 | fabedge 0.8.1 permission
- CVE-2024-36538 | chaos-mesh 2.6.3 permission
- CVE-2024-40495 | Linksys E2500 2.0.00 hnd_parentalctrl_unblock Privilege Escalation
- CVE-2024-36535 | meshery 0.7.51 permission
- CVE-2024-36539 | contour 1.28.3 permission
- CVE-2024-36540 | external-secrets 0.9.16 permission
- CVE-2024-31977 | Adtran 834-5 11.1.0.101-202106231430 Ping/Traceroute os command injection
- CVE-2024-22444 | HPE Aruba Networking EdgeConnect SD-WAN Orchestrator up to 9.1.9/9.2.9/9.3.2/9.4.1 Web-based Management Interface cross site scripting
- CVE-2024-21684 | Atlassian Bitbucket Data Center up to 8.19.5 redirect
- CVE-2024-36541 | logging-operator 4.6.0 permission
- CVE-2024-41914 | HPE Aruba Networking EdgeConnect SD-WAN Orchestrator up to 9.1.9/9.2.9/9.3.2/9.4.1 Web-based Management Interface cross site scripting
- CVE-2024-41662 | vnotex vnote up to 3.18.1 Markdown Parser cross site scripting (GHSA-w655-h68w-vxxc)
- CVE-2024-31971 | Adtran NetVanta 3120 18.01.01.00.E /mainPassword.html cross site scripting
- CVE-2024-7079 | Red Hat OpenShift Container Platform 3.11/4 /API/helm/verify authHandlerWithUser missing authentication
- CVE-2024-40422 | stitionai devika get-browser-snapshot snapshot_path path traversal
- CVE-2024-41110 | Docker Engine/moby AuthZ partial string comparison (GHSA-v23v-6jw2-98fq)
- CVE-2024-37533 | IBM InfoSphere Information Server 11.7 unknown vulnerability (XFDB-294727)
- CVE-2024-41672 | DuckDB up to 1.0.0 /etc/hosts sniff_csv information disclosure (GHSA-w2gf-jxc9-pf2q)
- CVE-2024-31970 | Adtran SRG 834-5 HDC17600021F1 11.1.1.1 SSH Service improper authorization
- CVE-2024-41551 | Campcodes Supplier Management System 1.0 view_order_items.php id sql injection
- CVE-2024-39345 | Adtran 834-5 HDC17600021F1 11.1.1.1 SSH Service hard-coded password
- CVE-2024-41550 | Campcodes Supplier Management System 1.0 view_invoice_items.php id sql injection
- CVE-2024-41667 | OpenIdentityPlatform OpenAM up to 15.0.3 RealmOAuth2ProviderSettings.java getCustomLoginUrlTemplate code injection (GHSA-7726-43hg-m23v)
- CVE-2024-41136 | HPE Aruba Networking EdgeConnect SD-WAN up to 9.1.11.0/9.2.9.0/9.3.3.0 Command Line Interface Parser command injection
- CVE-2024-41135 | HPE Aruba Networking EdgeConnect SD-WAN up to 9.1.11.0/9.2.9.0/9.3.3.0 Command Line Interface Parser os command injection
- CVE-2024-41134 | HPE Aruba Networking EdgeConnect SD-WAN up to 9.1.11.0/9.2.9.0/9.3.3.0 Command Line Interface Parser os command injection
- CVE-2024-41133 | HPE Aruba Networking EdgeConnect SD-WAN up to 9.1.11.0/9.2.9.0/9.3.3.0 Command Line Interface Parser os command injection
- CVE-2024-40137 | Dolibarr ERP CRM up to 19.0.2-php8.1 Users Module Setup Privilege Escalation
- CVE-2024-41666 | argoproj argo-cd up to 2.9.20/2.10.15/2.11.6 privileges management (GHSA-v8wx-v5jq-qhhw)
- CVE-2024-22443 | HPE Aruba Networking EdgeConnect SD-WAN Orchestrator up to 9.1.9/9.2.9/9.3.2/9.4.1 Web-based Management Interface prototype pollution
- CVE-2024-33519 | HPE Aruba Networking EdgeConnect SD-WAN up to 9.1.11.0/9.2.9.0/9.3.3.0 Web-based Management Interface prototype pollution
- CVE-2024-7081 | itsourcecode Tailoring Management System 1.0 expcatadd.php title sql injection
- CVE-2024-7080 | SourceCodester Insurance Management System 1.0 /E-Insurance/ direct request
- CVE-2024-6327 | Progress Telerik Report Server up to 18.1.24.514 deserialization
- CVE-2024-6096 | Progress Telerik Reporting up to 18.1.24.514 unknown vulnerability
- CVE-2023-45249 | Acronis Cyber Infrastructure default password
- CVE-2024-6197 | libcURL up to 8.6.0/8.7.0/8.7.1/8.8.0 ASN1 Parser utf8asn1str free of memory not on the heap
- CVE-2023-32471 | Dell Edge Gateway 5200/Edge Gateway 3200 prior 1.05.10 BIOS out-of-bounds (dsa-2023-225)
- CVE-2023-32466 | Dell Edge Gateway 3200 prior 1.03.10 BIOS out-of-bounds write (dsa-2023-225)
- CVE-2024-3297 | Connectivity Standards Alliance Matter up to 1.0 resource consumption
- CVE-2024-6874 | libcURL 8.8.0 API curl_url_get buffer over-read
- CVE-2024-3454 | Connectivity Standards Alliance connectedhomeip SDK 1.2.0.1 Matter Protocol information exposure
- CVE-2024-6629 | plugins360 All-in-One Video Gallery Plugin up to 3.7.1 on WordPress Shortcode cross site scripting
- CVE-2024-6094 | WP ULike Plugin up to 4.7.0 on WordPress Setting cross site scripting
- CVE-2024-6836 | amans2k Funnel Builder Plugin up to 3.4.6 on WordPress authorization
- CVE-2023-48362 | Apache Drill up to 1.21.1 XML Format Plugin xml external entity reference (DRILL-8461)
- CVE-2024-7069 | SourceCodester Employee and Visitor Gate Pass Logging System 1.0 Master.php id sql injection
- CVE-2024-40767 | OpenStack Nova up to 27.4.0/28.2.0/29.1.0 QCOW2 Image information disclosure
- CVE-2024-7068 | SourceCodester Insurance Management System 1.0 update_sub_category name cross site scripting
- CVE-2024-7067 | kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87 app/Cart.php getCartProductsIds laraCart deserialization
- CVE-2024-7066 | F-logic DataCube3 1.0 HTTP POST Request config_time_sync.php ntp_server os command injection
- CVE-2024-7065 | Spina CMS up to 2.18.0 /admin/pages/ cross-site request forgery
- CVE-2024-6996 | Google Chrome up to 126.0.6478.182 Frames Privilege Escalation
- CVE-2024-7004 | Google Chrome up to 126.0.6478.182 Safe Browsing Privilege Escalation
- CVE-2024-7001 | Google Chrome up to 126.0.6478.182 HTML Remote Code Execution
- CVE-2024-7000 | Google Chrome up to 126.0.6478.182 CSS use after free
- CVE-2024-6994 | Google Chrome up to 126.0.6478.182 Layout heap-based overflow
- CVE-2024-7005 | Google Chrome up to 126.0.6478.182 Safe Browsing Privilege Escalation
- CVE-2024-6998 | Google Chrome up to 126.0.6478.182 User Education use after free
- CVE-2024-7003 | Google Chrome up to 126.0.6478.182 FedCM Privilege Escalation
- CVE-2024-6997 | Google Chrome up to 126.0.6478.182 Tabs use after free
- CVE-2024-6999 | Google Chrome up to 126.0.6478.182 FedCM Privilege Escalation
- CVE-2024-6992 | Google Chrome up to 126.0.6478.182 ANGLE out-of-bounds
- CVE-2024-6995 | Google Chrome up to 126.0.6478.182 Fullscreen Privilege Escalation
- CVE-2024-6993 | Google Chrome up to 126.0.6478.182 Canvas Privilege Escalation
- CVE-2024-6991 | Google Chrome up to 126.0.6478.182 Dawn use after free
- CVE-2024-6989 | Google Chrome up to 126.0.6478.182 Loader use after free
- CVE-2024-6988 | Google Chrome up to 126.0.6478.182 Downloads use after free
- CVE-2024-5818 | Royal Elementor Addons and Templates Plugin up to 1.3.980 on WordPress Magazine Grid Slider Widget cross site scripting
- CVE-2024-6930 | WP Booking Calendar Plugin up to 10.2.1 on WordPress Shortcode bookingform cross site scripting
- CVE-2024-6931 | Events Calendar Plugin up to 6.5.1.6 on WordPress cross site scripting
- CVE-2024-6896 | AMP for WP Plugin up to 1.0.96.1 on WordPress SVG File Upload cross site scripting
- CVE-2024-3896 | Photo Gallery, Images, Slider in Rbs Image Gallery Plugin Gallery Title cross site scripting
- CVE-2024-39676 | Apache Pinot 0.x information disclosure