Vulnerability Notes
- CVE-2024-29187 | WiX Toolset up to 3.14.0/4.0.4 on Windows Installer C:\Windows\Temp permission assignment
- CVE-2024-29194 | OneUptime 7.0.1803 is_master_admin authorization (GHSA-246p-xmg8-wmcq)
- CVE-2024-29034 | CarrierWave up to 2.2.5/3.0.6 Incomplete Fix CVE-2023-49090 Content-Type interpretation conflict
- CVE-2020-36827 | XAO::Web Module up to 1.83 on Perl json-embed Privilege Escalation
- CVE-2018-25100 | Mojolicious Module up to 7.65 on Perl Cookie CookieJar information disclosure (Issue 1185)
- CVE-2024-30161 | Qt up to 6.5.5/6.6.2 wasm memory corruption
- CVE-2024-30156 | Varnish Cache/Enterprise HTTP/2 Broke Window Attack control flow
- CVE-2024-1603 | paddlepaddle paddle.vision.ops.read_file file inclusion
- CVE-2024-23755 | ClickUp Desktop up to 3.3.76 on macOS/Windows Electron Fuse code injection
- CVE-2024-24725 | Gibbon up to 26.0.00 POST Request import_run.php&type=externalAssessment&step=4 columnOrder deserialization (Exploit 51903 / EDB-51903)
- CVE-2020-36826 | AwesomestCode LiveBot prior 0.1 js/parseMessage.js parseSend cross site scripting
- CVE-2021-33633 | openEuler aops-ceres up to 1.4.1 on Linux ceres/function/util.Py os command injection
- CVE-2020-36825 | cyberaz0r WebRAT up to 20191222 Server/api.php download_file name unrestricted upload
- VDB-257781 | mglowinski93 FinanseWebApplication balance.php startDate/endDate sql injection
- CVE-2024-2856 | Tenda AC10 16.03.10.13/16.03.10.20 /goform/SetSysTimeCfg fromSetSysTime timeZone stack-based overflow
- CVE-2024-2855 | Tenda AC15 15.03.05.18/15.03.05.19/15.03.20 /goform/SetSysTimeCfg fromSetSysTime time stack-based overflow
- CVE-2024-2854 | Tenda AC18 15.03.05.05 /goform/setsambacfg formSetSambaConf usbName os command injection
- CVE-2024-2853 | Tenda AC10U 15.03.06.48/15.03.06.49 /goform/setsambacfg formSetSambaConf usbName os command injection
- CVE-2024-2852 | Tenda AC15 15.03.20_multi saveParentControlInfo urls stack-based overflow
- CVE-2024-2851 | Tenda AC15 15.03.05.18/15.03.20_multi /goform/setsambacfg formSetSambaConf usbName os command injection
- CVE-2024-2850 | Tenda AC15 15.03.05.18 saveParentControlInfo urls stack-based overflow
- CVE-2024-2688 | wpdevteam EmbedPress Plugin up to 3.9.12 on WordPress cross site scripting
- CVE-2024-29059 | Microsoft .NET Framework prior 4.8.4682.0/4.8.9206.0 information disclosure
- CVE-2024-29190 | MobSF Mobile-Security-Framework-MobSF up to 3.9.5 Beta Hostname server-side request forgery
- CVE-2024-2849 | SourceCodester Simple File Manager 1.0 photo unrestricted upload
- CVE-2024-2165 | SEOPress Plugin up to 7.5.2.1 on WordPress cross site scripting
- CVE-2024-2436 | Lightweight Accordion Plugin up to 1.5.16 on WordPress Shortcode cross site scripting
- CVE-2024-2112 | 10Web Form Maker up to 1.15.22 on WordPress information disclosure
- CVE-2024-22029 | Apache Tomcat up to 9.0.84 Local Privilege Escalation
- CVE-2024-29057 | Microsoft Edge prior 123.0.2420.53 unknown vulnerability
- CVE-2024-26247 | Microsoft Edge prior 123.0.2420.53 unknown vulnerability
- CVE-2023-4063 | HP OfficeJet Pro eSCL URL GET Request denial of service
- CVE-2024-29338 | Anchor CMS 0.12.7 2 cross-site request forgery
- CVE-2024-29499 | Anchor CMS 0.12.7 2 cross-site request forgery
- CVE-2024-29366 | D-Link DIR-845L up to 1.01KRb03 command injection
- CVE-2024-29184 | freescout-helpdesk freescout up to 1.8.127 /conversation/upload cross site scripting (GHSA-fffc-phh8-5h4v)
- CVE-2024-29385 | D-Link DIR-845L up to 1.01KRb03 soapcgi_main improper authentication
- CVE-2024-29042 | franciscop translate up to 2.x on Node.js opt.id input validation (GHSA-882j-4vj5-7vmj)
- CVE-2024-29185 | freescout-helpdesk freescout up to 1.8.127 /public/tools.php shell_exec php_path os command injection (GHSA-7p9x-ch4c-vqj9)
- CVE-2024-28861 | FriendsOfSymfony1 symfony1 up to 1.5.18 deserialization (GHSA-pv9j-c53q-h433)
- CVE-2024-29186 | brefphp bref up to 2.1.16 parseHeaderContent resource consumption (GHSA-j4hq-f63x-f39r)
- CVE-2023-23349 | Kaspersky Password Manager prior 24.0.0.427 on Windows KPM Extension for Chrome sensitive information in memory
- CVE-2024-2832 | Campcodes Online Shopping System 1.0 /offersmail.php email cross site scripting
- CVE-2024-2326 | Pretty Links Plugin up to 3.6.3 on WordPress Setting cross-site request forgery
- CVE-2024-1049 | Page Builder Gutenberg Blocks Plugin up to 3.1.6 on WordPress cross site scripting
- CVE-2024-2228 | SailPoint IdentityIQ up to 8.1p6/8.2p6/8.3p3/8.4 Lifecycle Manager privileges management
- CVE-2024-2227 | SailPoint IdentityIQ up to 8.1p6/8.2p6/8.3p3/8.4 JavaServer Faces path traversal
- CVE-2022-32753 | IBM Security Verify Directory 10.0.0 inadequate encryption (XFDB-228444)
- CVE-2022-32751 | IBM Security Verify Directory 10.0.0 information disclosure (XFDB-228437)
- CVE-2022-32754 | IBM Security Verify Directory 10.0.0 Web UI cross site scripting (XFDB-228445)
- CVE-2022-32756 | IBM Security Verify Directory 10.0.0 information exposure (XFDB-228507)
- CVE-2024-2202 | SiteOrigin Page Builder Plugin up to 2.29.6 on WordPress Legacy Image Widget cross site scripting
- CVE-2024-2468 | EmbedPress Plugin up to 3.9.12 on WordPress Widget Attribute cross site scripting
- CVE-2024-2131 | Move Addons for Elementor Plugin up to 1.2.9 on WordPress cross site scripting
- CVE-2024-1697 | Custom WooCommerce Checkout Fields Editor Plugin up to 1.3.1 on WordPress cross site scripting
- CVE-2024-2033 | Video Conferencing with Zoom Plugin up to 4.4.5 on WordPress information disclosure
- CVE-2024-0626 | WooCommerce Clover Payment Gateway Plugin up to 1.3.1 on WordPress callback_handler authorization
- CVE-2024-2025 | BuddyPress WooCommerce my Account Integration Plugin get_simple_request code injection
- CVE-2024-29865 | Logpoint up to 7.0.x LDAP Authentication Page username cross site scripting
- CVE-2023-41099 | Atos Eviden CardOS API prior 5.5.5.2811 on Windows Installer Local Privilege Escalation
- CVE-2024-28593 | Moodle 4.3.3 Chat Activity cross site scripting
- CVE-2024-2449 | Progress LoadMaster up to 7.1.35.10/7.2.48.10/7.2.54.8/7.2.59.2 cross-site request forgery
- CVE-2024-2725 | Ciges CIGESv2 Package installed.json information disclosure
- CVE-2024-2728 | Ciges CIGESv2 TLS Protocol information disclosure
- CVE-2024-2726 | Ciges CIGESv2 cross site scripting
- CVE-2024-2723 | Ciges CIGESv2 ajaxSubServicios.php idServicio sql injection
- CVE-2024-2448 | Progress LoadMaster up to 7.1.35.10/7.2.48.10/7.2.54.8/7.2.59.2 os command injection
- CVE-2024-2722 | Ciges CIGESv2 ajaxConfigTotem.php id sql injection
- CVE-2024-2724 | Ciges CIGESv2 ajaxServiciosAtencion.php idServicio sql injection
- CVE-2024-29943 | Mozilla Firefox up to 124.0.0 Javascript Object out-of-bounds
- CVE-2024-25168 | Snow 2.0.0 system/role/list dataScope sql injection
- CVE-2024-29944 | Mozilla Firefox up to 124.0.0 Event cross site scripting
- CVE-2024-28560 | Niushop B2B2C up to 5.3.3 Address.php deleteArea sql injection
- CVE-2024-28559 | Niushop B2B2C up to 5.3.3 Goodsbatchset.php setPrice sql injection
- CVE-2024-1848 | Dassault Systèmes SOLIDWORKS Desktop 2024/2024 SP1 File use after free
- CVE-2024-2828 | lakernote EasyAdmin up to 20240315 IndexController.java thumbnail url server-side request forgery (I98YSR)
- CVE-2024-2827 | lakernote EasyAdmin up to 20240315 saveReportFile server-side request forgery (I98ZTA)
- CVE-2024-2826 | lakernote EasyAdmin up to 20240315 saveReportFile xml external entity reference (I98ZTA)
- CVE-2024-2825 | lakernote EasyAdmin up to 20240315 saveReportFile file path traversal (I98ZTA)
- CVE-2024-28824 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p23/2.3.0b3 Agent Plugin least privilege violation
- CVE-2024-0638 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p23/2.3.0b3 Agent Plugin least privilege violation
- CVE-2024-1742 | Checkmk up to 2.0.0p39/2.1.0p40/2.2.0p23/2.3.0b3 Agent Plugin unknown vulnerability
- CVE-2024-2824 | Matthias-Wandel jhead 3.08 exif.c PrintFormatNumber heap-based overflow (Issue 84)
- CVE-2024-2823 | DedeCMS 5.7 /src/dede/mda_main.php cross-site request forgery
- CVE-2024-2822 | DedeCMS 5.7 /src/dede/vote_edit.php aid cross-site request forgery
- CVE-2024-2821 | DedeCMS 5.7 friendlink_edit.php id cross-site request forgery
- CVE-2024-2820 | DedeCMS 5.7 /src/dede/baidunews.php filename cross-site request forgery
- CVE-2024-2804 | Network Summary Plugin up to 2.0.11 on WordPress sql injection
- CVE-2024-27280 | StringIO 3.0.1/3.0.2 ungetbyte/ungetc buffer overflow
- CVE-2024-1999 | Kadence Gutenberg Blocks Plugin up to 3.2.25 on WordPress Testimonial Widget cross site scripting
- CVE-2024-1850 | AI Post Generator Plugin up to 3.3 on WordPress authorization
- CVE-2024-1637 | 360 Javascript Viewer Plugin up to 1.7.12 on WordPress Settings Update authorization
- CVE-2024-27281 | RDoc up to 6.6.2 YAML File rdoc_options code injection
- CVE-2024-25808 | Lychee 3.1.6 Create New Album cross-site request forgery (Issue 17)
- CVE-2024-28045 | Delta Electronics DIAEnergie up to 1.10.00.4 cross site scripting (icsa-24-074-12)
- CVE-2024-28891 | Delta Electronics DIAEnergie up to 1.10.00.4 Handler_CFG.ashx sql injection (icsa-24-074-12)
- CVE-2024-25937 | Delta Electronics DIAEnergie up to 1.10.00.4 DIAE_tagHandler.ashx sql injection (icsa-24-074-12)
- CVE-2024-28040 | Delta Electronics DIAEnergie prior 1.10.00.005 GetDIAE_astListParameters sql injection (icsa-24-074-12)
- CVE-2024-23975 | Delta Electronics DIAEnergie prior 1.10.00.005 GetDIAE_slogListParameters sql injection (icsa-24-074-12)