Latest CVE Feed
-
6.5
CVSS31CVE-2024-31169
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::QueueGetConfigReply::unpack. This issue affects libfluid: 0.1.0.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-31166
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::HelloElemVersionBitmap::unpack. This issue affects libfluid: 0.1.0.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-31168
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::EchoCommon::unpack. This issue affects libfluid: 0.1.0.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-45815
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog AP... Read more
Affected Products : backstage- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
6.5
CVSS31CVE-2024-43993
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS.This issue affects Liquido: from n/a through 1.0.1.2.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-43992
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Latepoint LatePoint allows Stored XSS.This issue affects LatePoint: from n/a through 4.9.91.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-5682
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation.This issue affects Yordam Library Automation System: before 20.1.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-43991
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webdzier Hotel Galaxy allows Stored XSS.This issue affects Hotel Galaxy: from n/a through 4.4.24.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-43983
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.... Read more
Affected Products : podlove_podcast_publisher- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.5
CVSS31CVE-2024-46978
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is t... Read more
Affected Products : xwiki- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.4
CVSS31CVE-2024-8364
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied ... Read more
Affected Products :- Published: Sep. 19, 2024
- Modified: Sep. 19, 2024
-
6.4
CVSS31CVE-2024-45812
Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cros... Read more
Affected Products : vite- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
6.3
CVSS31CVE-2024-8949
A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to impro... Read more
Affected Products : online_eyewear_shop- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
6.2
CVSS31CVE-2024-8939
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of paramete... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
6.1
CVSS31CVE-2024-8850
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.15 due to insufficient input sanitization a... Read more
Affected Products :- Published: Sep. 19, 2024
- Modified: Sep. 19, 2024
-
5.9
CVSS31CVE-2024-43972
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through 1.8.7.... Read more
Affected Products :- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
5.9
CVSS31CVE-2024-43985
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affects Bus Ticket Booking with Seat Reservation: from n/a t... Read more
Affected Products :- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
5.9
CVSS31- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
5.9
CVSS31CVE-2024-43999
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.... Read more
Affected Products : ninja_forms- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
5.6
CVSS31CVE-2024-8947
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The com... Read more
Affected Products : micropython- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024