Total
263573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40857 | 2024-09-20 | N/A | ||
| This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2024-44171 | 2024-09-20 | N/A | ||
| This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features. | ||||
| CVE-2024-44182 | 2024-09-20 | N/A | ||
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data logged when a shortcut fails to launch another app. | ||||
| CVE-2024-44183 | 2024-09-20 | N/A | ||
| A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service. | ||||
| CVE-2024-8044 | 1 Wordpress Plugin | 1 Infolinks Ad Wrap | 2024-09-20 | 5.7 Medium |
| The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-8051 | 1 Wordpress Plugin | 1 Special Feed Items | 2024-09-20 | 5.7 Medium |
| The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8092 | 1 Alaingg | 1 Accordion Image Menu | 2024-09-20 | 5.4 Medium |
| The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2024-8767 | 1 Acronis | 3 Backup Extension For Plesk, Backup Plugin For Cpanel \& Whm, Backup Plugin For Directadmin | 2024-09-20 | N/A |
| Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. | ||||
| CVE-2024-44190 | 2024-09-20 | N/A | ||
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read arbitrary files. | ||||
| CVE-2024-44187 | 2024-09-20 | N/A | ||
| A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2024-27861 | 2024-09-20 | N/A | ||
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | ||||
| CVE-2024-40791 | 2024-09-20 | N/A | ||
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access information about a user's contacts. | ||||
| CVE-2024-44180 | 2024-09-20 | N/A | ||
| The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||||
| CVE-2024-8490 | 1 Wp-property-hive | 1 Propertyhive | 2024-09-20 | 8.8 High |
| The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-8761 | 1 Share This Image Project | 1 Share This Image | 2024-09-20 | 7.2 High |
| The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
| CVE-2024-8093 | 1 Lucas Garcia | 1 Posts Reminder | 2024-09-20 | 4.8 Medium |
| The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-40770 | 2024-09-20 | N/A | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings. | ||||
| CVE-2024-8110 | 1 Yokogawa | 1 Dual-redundant Platform For Computer \(pc2ckm\) | 2024-09-20 | 7.5 High |
| Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. | ||||
| CVE-2024-5170 | 1 Logo Manager For Enamad | 1 Logo Manager For Enamad | 2024-09-20 | 5.7 Medium |
| The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-8047 | 1 Visual Sound | 1 Visual Sound | 2024-09-20 | 5.7 Medium |
| The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||