Total
277648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48234 | 1 Mipjz Project | 1 Mipjz | 2024-10-29 | 4.9 Medium |
| An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files. | ||||
| CVE-2023-25189 | 2024-10-29 | 3.3 Low | ||
| BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH. | ||||
| CVE-2023-20513 | 2024-10-29 | 3.3 Low | ||
| An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. | ||||
| CVE-2024-50434 | 1 Themehorse | 1 Newscard | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse NewsCard.This issue affects NewsCard: from n/a through 1.3. | ||||
| CVE-2024-50435 | 1 Themehorse | 1 Meta News | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Meta News.This issue affects Meta News: from n/a through 1.1.7. | ||||
| CVE-2024-50436 | 1 Themehorse | 1 Clean Retina | 2024-10-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Theme Horse Clean Retina.This issue affects Clean Retina: from n/a through 3.0.6. | ||||
| CVE-2024-10008 | 1 Masteriyo | 1 Masteriyo | 2024-10-29 | 8.8 High |
| The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students. | ||||
| CVE-2024-50494 | 1 Amin Omer | 1 Wc Sudan Payment Gateway | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2. | ||||
| CVE-2024-50493 | 1 Masterhomepage | 1 Automatic Translation | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4. | ||||
| CVE-2024-50484 | 1 Mahlamusa | 1 Multi Purpose Mail Form | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | ||||
| CVE-2024-50453 | 1 Webangon | 1 The Pack Elementor Addons | 2024-10-29 | 7.5 High |
| Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through 2.0.9. | ||||
| CVE-2024-10276 | 1 Telestream | 1 Sentry | 2024-10-29 | 3.5 Low |
| A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3857 | 2024-10-29 | 5.5 Medium | ||
| Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested. | ||||
| CVE-2024-50426 | 2024-10-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2. | ||||
| CVE-2024-50418 | 2024-10-29 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Time Slot Booking Time Slot allows Stored XSS.This issue affects Time Slot: from n/a through 1.3.6. | ||||
| CVE-2024-50415 | 2024-10-29 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n/a through 1.1.7.1. | ||||
| CVE-2024-50457 | 1 Qodeinteractive | 1 Qode Essential Addons | 2024-10-29 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. | ||||
| CVE-2024-49755 | 2024-10-29 | 3.1 Low | ||
| Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even without possessing the private key for signing proof tokens. Note that this only impacts custom endpoints within an IdentityServer implementation that have explicitly used the LocalApiAuthenticationHandler for authentication. This vulnerability is patched in IdentityServer 7.0.8. Version 6.3 and below are unaffected, as they do not support DPoP in Local APIs. | ||||
| CVE-2024-20481 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2024-10-29 | 5.8 Medium |
| A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This vulnerability is due to resource exhaustion. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. A successful exploit could allow the attacker to exhaust resources, resulting in a DoS of the RAVPN service on the affected device. Depending on the impact of the attack, a reload of the device may be required to restore the RAVPN service. Services that are not related to VPN are not affected. Cisco Talos discussed these attacks in the blog post Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials. | ||||
| CVE-2024-42508 | 1 Hp | 1 Oneview | 2024-10-29 | 5.5 Medium |
| This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users. | ||||