Total
8795 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42486 | 2024-08-19 | 5.4 Medium | ||
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway resources being able to access secrets for longer than intended, or to Routes having the ability to forward traffic to backends in other namespaces for longer than intended. This issue has been patched in Cilium v1.15.8 and v1.16.1. As a workaround, any modification of a related Gateway/HTTPRoute/GRPCRoute/TCPRoute CRD (for example, adding any label to any of these resources) will trigger a reconciliation of ReferenceGrants on an affected cluster. | ||||
CVE-2024-7630 | 1 Relevanssi | 1 Relevanssi | 2024-08-19 | 5.3 Medium |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts. | ||||
CVE-2024-27731 | 1 Friendica | 1 Friendica | 2024-08-19 | 6.1 Medium |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. | ||||
CVE-2024-31799 | 1 Gncchome | 3 Gncc C2, Gc2, Gncc C2 Firmware | 2024-08-16 | 4.6 Medium |
Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. | ||||
CVE-2024-41264 | 1 Casbin | 1 Casdoor | 2024-08-16 | 7.5 High |
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method. | ||||
CVE-2024-7063 | 2024-08-15 | 4.3 Medium | ||
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts. | ||||
CVE-2024-7411 | 1 Tribulant | 1 Newsletters | 2024-08-15 | 5.3 Medium |
The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
CVE-2024-38787 | 1 Codection | 1 Import And Export Users And Customers | 2024-08-14 | 7.5 High |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a through 1.26.8. | ||||
CVE-2024-37924 | 1 Wp2speed | 1 Wp2speed | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. | ||||
CVE-2024-38742 | 2024-08-13 | 5.3 Medium | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2. | ||||
CVE-2024-7410 | 1 Esthertyler | 1 My Custom Css Php \& Ads | 2024-08-13 | 5.3 Medium |
The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due the plugin not preventing direct access to the /my-custom-css/vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php file and and the file displaying/generating the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
CVE-2024-7704 | 1 Weaver | 1 E-cology | 2024-08-13 | 5.3 Medium |
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-38756 | 1 Weblizar | 1 Responsive Coming Soon \& Maintenance Mode | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. | ||||
CVE-2024-38747 | 1 Hitpay | 1 Payment Gateway For Woocommerce | 2024-08-13 | 7.5 High |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3. | ||||
CVE-2024-38749 | 1 Olivethemes | 1 Olive One Click Demo Import | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2. | ||||
CVE-2024-38760 | 1 Sumanbhattarai | 1 Send Users Email | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1. | ||||
CVE-2024-34788 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-12 | 6.5 Medium |
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information | ||||
CVE-2024-42394 | 3 Arubanetworks, Hp, Hpe | 4 Arubaos, Instantos, Aruba Networking Instantos and 1 more | 2024-08-12 | 9.8 Critical |
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | ||||
CVE-2024-42010 | 1 Roundcube | 1 Roundcube | 2024-08-12 | 7.5 High |
mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. | ||||
CVE-2024-7382 | 1 Coffee2code | 1 Linkify-text | 2024-08-12 | 5.3 Medium |
The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own and requires another vulnerability to be present for damage to an affected website. |