Total
28515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1404 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1431 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1405 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1330 | 1 Kadencewp | 1 Kadence Blocks Pro | 2024-08-01 | 4.3 Medium |
| The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. | ||||
| CVE-2024-1209 | 1 Learndash | 1 Learndash | 2024-08-01 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | ||||
| CVE-2024-1199 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2024-08-01 | 5.4 Medium |
| A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | ||||
| CVE-2024-1210 | 1 Learndash | 1 Learndash | 2024-08-01 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | ||||
| CVE-2024-1194 | 1 Armcode | 1 Alienip | 2024-08-01 | 3.3 Low |
| A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1098 | 1 Ruifang-tech | 1 Rebuild | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455. | ||||
| CVE-2024-1075 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2024-08-01 | 3.7 Low |
| The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. | ||||
| CVE-2024-0965 | 1 Pluginsandsnippets | 1 Simple Page Access Restriction | 2024-08-01 | 5.3 Medium |
| The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content. | ||||
| CVE-2024-1019 | 1 Trustwave | 1 Modsecurity | 2024-08-01 | 8.6 High |
| ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability. | ||||
| CVE-2024-0985 | 2 Postgresql, Redhat | 7 Postgresql, Enterprise Linux, Rhel Aus and 4 more | 2024-08-01 | 8 High |
| Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. | ||||
| CVE-2024-1033 | 1 Openbi Project | 1 Openbi | 2024-08-01 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308. | ||||
| CVE-2024-0805 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | ||||
| CVE-2024-0909 | 1 Tarassych | 1 Anonymous Restricted Content | 2024-08-01 | 5.3 Medium |
| The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content. | ||||
| CVE-2024-0810 | 1 Google | 1 Chrome | 2024-08-01 | 4.3 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2024-0809 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-0833 | 1 Progress | 1 Telerik Test Studio | 2024-08-01 | 7.8 High |
| In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
| CVE-2024-0812 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 8.8 High |
| Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||