Latest CVE Feed
-
5.3
MEDIUM CVE-2024-7734
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peer...
Affected Products: tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware fl_mguard_rs4004_tx\/dtx_firmware fl_mguard_rs4004_tx\/dtx_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware fl_mguard_centerport_vpn-1000_firmware fl_mguard_core_tx_firmware fl_mguard_core_tx_vpn_firmware fl_mguard_delta_tx\/tx_firmware +62 more products
- Published: Sep. 10, 2024
- Modified: Sep. 28, 2024
-
8.8
HIGH CVE-2023-45038
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version...
Affected Products: music_station
- Published: Sep. 06, 2024
- Modified: Sep. 28, 2024
-
8.8
HIGH CVE-2023-47563
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video St...
Affected Products: video_station
- Published: Sep. 06, 2024
- Modified: Sep. 28, 2024
-
8.8
HIGH CVE-2023-50360
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Stati...
Affected Products: video_station
- Published: Sep. 06, 2024
- Modified: Sep. 28, 2024
-
7.8
HIGH CVE-2024-42025
A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device....
Affected Products: unifi_network_application
- Published: Sep. 13, 2024
- Modified: Sep. 28, 2024
-
6.1
MEDIUM CVE-2024-8054
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack....
Affected Products: mm-breaking_news
- Published: Sep. 12, 2024
- Modified: Sep. 27, 2024
-
6.1
MEDIUM CVE-2024-8056
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
Affected Products: mm-breaking_news
- Published: Sep. 12, 2024
- Modified: Sep. 27, 2024
-
4.8
MEDIUM CVE-2024-6493
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi...
Affected Products: header_footer_custom_code
- Published: Sep. 13, 2024
- Modified: Sep. 27, 2024
-
4.8
MEDIUM CVE-2024-6617
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabi...
Affected Products: header_footer_custom_code
- Published: Sep. 13, 2024
- Modified: Sep. 27, 2024
-
4.8
MEDIUM CVE-2024-7133
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a ...
- Published: Sep. 13, 2024
- Modified: Sep. 27, 2024
-
8.1
HIGH CVE-2024-7863
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged-in admin upload arbitrary files such as PHP on the server...
Affected Products: favicon_generator
- Published: Sep. 13, 2024
- Modified: Sep. 27, 2024
-
6.5
MEDIUM CVE-2024-7864
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged-in admins delete arbitrary files on the server...
Affected Products: favicon_generator
- Published: Sep. 13, 2024
- Modified: Sep. 27, 2024
-
6.5
MEDIUM CVE-2024-8047
The Visual Sound (old) WordPress plugin through 1.06 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Affected Products: visual_sound
- Published: Sep. 17, 2024
- Modified: Sep. 27, 2024
-
6.1
MEDIUM CVE-2024-7860
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack....
Affected Products: simple_headline_rotator
- Published: Sep. 12, 2024
- Modified: Sep. 27, 2024
-
6.1
MEDIUM CVE-2024-7861
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack....
Affected Products: misiek_paypal
- Published: Sep. 12, 2024
- Modified: Sep. 27, 2024
-
8.8
HIGH CVE-2024-43387
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices....
Affected Products: tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware fl_mguard_rs4004_tx\/dtx_firmware fl_mguard_rs4004_tx\/dtx_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware fl_mguard_centerport_vpn-1000_firmware fl_mguard_core_tx_firmware fl_mguard_core_tx_vpn_firmware fl_mguard_delta_tx\/tx_firmware +62 more products
- Published: Sep. 10, 2024
- Modified: Sep. 27, 2024
-
8.8
HIGH CVE-2024-43386
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices....
Affected Products: tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware fl_mguard_rs4004_tx\/dtx_firmware fl_mguard_rs4004_tx\/dtx_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware fl_mguard_centerport_vpn-1000_firmware fl_mguard_core_tx_firmware fl_mguard_core_tx_vpn_firmware fl_mguard_delta_tx\/tx_firmware +62 more products
- Published: Sep. 10, 2024
- Modified: Sep. 27, 2024
-
8.8
HIGH CVE-2024-43385
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices....
Affected Products: tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware fl_mguard_rs4004_tx\/dtx_firmware fl_mguard_rs4004_tx\/dtx_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware fl_mguard_centerport_vpn-1000_firmware fl_mguard_core_tx_firmware fl_mguard_core_tx_vpn_firmware fl_mguard_delta_tx\/tx_firmware +62 more products
- Published: Sep. 10, 2024
- Modified: Sep. 27, 2024
-
8.8
HIGH CVE-2024-7699
A low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data....
Affected Products: tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware fl_mguard_rs4004_tx\/dtx_firmware fl_mguard_rs4004_tx\/dtx_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware fl_mguard_centerport_vpn-1000_firmware fl_mguard_core_tx_firmware fl_mguard_core_tx_vpn_firmware fl_mguard_delta_tx\/tx_firmware +62 more products
- Published: Sep. 10, 2024
- Modified: Sep. 27, 2024
-
7.1
HIGH CVE-2024-6785
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensitive information exposure....
- Published: Sep. 21, 2024
- Modified: Sep. 27, 2024