Total 277501 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43806 1 Bytecodealliance 1 Rustix 2024-08-27 6.5 Medium
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux's various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2024-8046 2024-08-27 6.4 Medium
The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVE-2024-7791 2024-08-27 6.4 Medium
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-6379 2 3ds, Dassault 4 3dexperience, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more 2024-08-27 7.7 High
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
CVE-2024-6377 2 3ds, Dassault 4 3dexperience, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more 2024-08-27 8.1 High
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
CVE-2024-7989 2024-08-26 N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a security risk as it falls within the expected functionality and security controls of the application. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2024-37008 1 Autodesk 2 Revit, Revit Lt 2024-08-26 7.8 High
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2024-8188 2024-08-26 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2024-42791 1 Kashipara 1 Music Management System 2024-08-26 8.8 High
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.
CVE-2024-42788 1 Kashipara 1 Music Management System 2024-08-26 6.1 Medium
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.
CVE-2024-42818 1 Fastapi-admin 1 Fastapi-admin Pro 2024-08-26 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.
CVE-2024-43283 2024-08-26 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 23.1.2.
CVE-2024-43289 1 Gvectors 1 Wpforo Forum 2024-08-26 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.This issue affects wpForo Forum: from n/a through 2.3.4.
CVE-2024-43319 2024-08-26 4.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in bPlugins LLC Flash & HTML5 Video.This issue affects Flash & HTML5 Video: from n/a through 2.5.31.
CVE-2024-8140 2 Rems, Sourcecodester 2 Task Progress Tracker, Task Progress Tracker 2024-08-26 3.5 Low
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8141 2 Rems, Sourcecodester 2 Daily Calories Monitoring Tool, Daily Calories Monitoring Tool 2024-08-26 3.5 Low
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8142 2 Rems, Sourcecodester 2 Daily Calories Monitoring Tool, Daily Calories Monitoring Tool 2024-08-26 3.5 Low
A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/delete-calorie.php. The manipulation of the argument calorie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8151 2 Rems, Sourcecodester 2 Interactive Map With Marker, Interactive Map With Marker 2024-08-26 3.5 Low
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8154 2 Rems, Sourcecodester 2 Qr Code Bookmark System, Qr Code Bookmark System 2024-08-26 3.5 Low
A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8152 2 Rems, Sourcecodester 2 Qr Code Bookmark System, Qr Code Bookmark System 2024-08-26 3.5 Low
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the component Parameter Handler. The manipulation of the argument name/url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.