Latest CVE Feed
-
7.2
HIGHCVE-2024-10260
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products : tripetto- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
4.3
MEDIUMCVE-2024-10582
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. Th... Read more
Affected Products : music_player_for_elementor- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
7.2
HIGHCVE-2024-10793
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica... Read more
Affected Products : wp_activity_log- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
6.5
MEDIUMCVE-2024-45610
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XS... Read more
Affected Products : glpi- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
5.7
MEDIUMCVE-2024-45611
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ... Read more
Affected Products : glpi- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGHCVE-2024-43447
Windows SMBv3 Server Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2022- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
5.9
MEDIUMCVE-2024-38264
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
6.8
MEDIUMCVE-2024-43449
Windows USB Video Class System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2024-43450
Windows DNS Spoofing Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2024-43452
Windows Registry Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +4 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.... Read more
Affected Products :- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
9.1
CRITICALCVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handle... Read more
Affected Products :- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.1
HIGHCVE-2024-51679
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0.... Read more
Affected Products : appointmind- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICAL- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.7
HIGHCVE-2024-39609
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
- Published: Nov. 13, 2024
- Modified: Nov. 19, 2024
-
8.7
HIGHCVE-2024-41167
Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
- Published: Nov. 13, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGHCVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity o... Read more
Affected Products : central_authentication_service- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024