Latest CVE Feed
-
9.8
CRITICALCVE-2024-7913
A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql i... Read more
Affected Products : billing_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-7914
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site s... Read more
- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39944
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7832
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-320l dns-120_firmware dns-120 dnr-202l_firmware dnr-202l dns-315l_firmware dns-315l +30 more products- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7833
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiat... Read more
- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
4.7
MEDIUMCVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated att... Read more
Affected Products : short_url- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
8.8
HIGHCVE-2024-7146
The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abo... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4507
The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica... Read more
Affected Products :- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7849
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware dns-320lw_firmware dns-321_firmware dns-323_firmware dns-325_firmware +10 more products- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy... Read more
Affected Products : calamares-nixos-extensions- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to pr... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
8.5
HIGHCVE-2024-6456
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted ... Read more
Affected Products : historian- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-43367
Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain script... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4604
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : 2j_slideshow- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
8.6
HIGHCVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42476
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with pro... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42475
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the us... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2023-4730
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attack... Read more
Affected Products : ladipage- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-23168
Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution.... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024