Total
29276 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3172 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3174 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3175 | 1 Google | 1 Chrome | 2024-08-01 | 6.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-3156 | 1 Google | 1 Chrome | 2024-08-01 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-3073 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-01 | 2.7 Low |
| The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment. | ||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-2629 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-08-01 | 4.3 Medium |
| Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-2473 | 1 Wpserveur | 1 Wps Hide Login | 2024-08-01 | 5.3 Medium |
| The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin. | ||||
| CVE-2024-2385 | 1 Livemeshelementor | 1 Addons For Elementor | 2024-08-01 | 8.8 High |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2024-08-01 | 7.2 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02. | ||||
| CVE-2024-1404 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1431 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1405 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1330 | 1 Kadencewp | 1 Kadence Blocks Pro | 2024-08-01 | 4.3 Medium |
| The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. | ||||
| CVE-2024-1209 | 1 Learndash | 1 Learndash | 2024-08-01 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. | ||||
| CVE-2024-1199 | 1 Employee Task Management System Project | 1 Employee Task Management System | 2024-08-01 | 5.4 Medium |
| A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability. | ||||
| CVE-2024-1210 | 1 Learndash | 1 Learndash | 2024-08-01 | 5.3 Medium |
| The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. | ||||
| CVE-2024-1194 | 1 Armcode | 1 Alienip | 2024-08-01 | 3.3 Low |
| A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1098 | 1 Ruifang-tech | 1 Rebuild | 2024-08-01 | 4.3 Medium |
| A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455. | ||||
| CVE-2024-1075 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2024-08-01 | 3.7 Low |
| The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. | ||||