Latest CVE Feed
-
4.6
MEDIUMCVE-2024-23169
The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
8.6
HIGHCVE-2023-20125
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not... Read more
- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
4.9
MEDIUMCVE-2024-11217
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
3.5
LOWCVE-2024-52509
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and t... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
3.5
LOWCVE-2024-52507
Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextclou... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.4
MEDIUMCVE-2024-50800
Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
4.2
MEDIUMCVE-2024-52510
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. ... Read more
Affected Products : notes- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2024-24450
Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially... Read more
Affected Products :- Published: Nov. 15, 2024
- Modified: Nov. 18, 2024
-
6.1
MEDIUMCVE-2021-1444
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga... Read more
Affected Products : adaptive_security_appliance_software- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
9.8
CRITICALCVE-2024-52411
Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection.This issue affects Advanced Personalization: from n/a through 1.1.2.... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
6.9
MEDIUMCVE-2024-11306
A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. Th... Read more
Affected Products :- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.1
MEDIUMCVE-2024-8873
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for ... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
5.3
MEDIUMCVE-2024-52386
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Business Directory Team by RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classi... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
6.4
MEDIUMCVE-2024-9386
The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
7.5
HIGHCVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the c... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
8.7
HIGHCVE-2024-8781
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.... Read more
Affected Products :- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
6.5
MEDIUMCVE-2021-1379
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a relo... Read more
Affected Products :- Published: Nov. 18, 2024
- Modified: Nov. 18, 2024
-
4.3
MEDIUMCVE-2024-10533
The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers,... Read more
Affected Products : wp_chat_app- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
4.3
MEDIUMCVE-2024-10795
The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for a... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024
-
6.4
MEDIUMCVE-2024-10015
The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Nov. 16, 2024
- Modified: Nov. 18, 2024