Latest CVE Feed
- CVE-2024-8946 (CVSS 3.1: 7.3)
  A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible...
  Affected Products: micropython
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-8944 (CVSS 3.1: 7.3)
  A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to SQL injection. It is possible to...
  Affected Products: hospital_management_system
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-42503 (CVSS 3.1: 7.2)
  An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system....
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 18, 2024
- CVE-2024-8761 (CVSS 3.1: 7.2)
  The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect URL supplied via the link parameter. This makes it possible for unauthenticated att...
  Affected Products: share_this_image
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2022-25769 (CVSS 3.1: 7.2)
  Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, no...
  Affected Products: mautic
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-42501 (CVSS 3.1: 7.2)
  An authenticated Path Traversal vulnerability exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or...
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 18, 2024
- CVE-2024-8957 (CVSS 3.1: 7.2)
  PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When cha...
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-42502 (CVSS 3.1: 7.2)
  An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system....
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 18, 2024
- CVE-2024-44003 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites allows Reflected XSS. This issue affects Spice Starter Sites: from n/a through 1.2.5....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-45606 (CVSS 3.1: 7.1)
  Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have per...
  Affected Products: sentry
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-44002 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Team Showcase allows Reflected XSS. This issue affects Team Showcase: from n/a through 1.22.25....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-43971 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5....
  Affected Products: sunshine_photo_cart
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-43970 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-44009 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS. This issue affects WCFM Marketplace: from n/a through 3.6.10....
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-43975 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-44007 (CVSS 3.1: 7.1)
  Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Templates – Elementor & Gutenberg templates allows Reflected XSS. This issue affects SKT Templates – Elementor & Gutenberg templates...
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-44064 (CVSS 3.1: 7.1)
  Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54....
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2022-25768 (CVSS 3.1: 7.0)
  The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2022-25775 (CVSS 3.1: 6.6)
  Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manip...
  Affected Products: mautic
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-45815 (CVSS 3.1: 6.5)
  Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog AP...
  Affected Products: backstage
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024