Latest CVE Feed
-
7.5
HIGHCVE-2024-39948
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-39947
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-39389
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... Read more
- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-39946
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.9
MEDIUMCVE-2024-7912
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory list... Read more
Affected Products : online_railway_reservation_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-39950
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7913
A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql i... Read more
Affected Products : billing_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-7914
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site s... Read more
- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39944
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7832
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-320l dns-120_firmware dns-120 dnr-202l_firmware dnr-202l dns-315l_firmware dns-315l +30 more products- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7833
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiat... Read more
- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
4.3
MEDIUMCVE-2024-7422
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for ... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
4.3
MEDIUMCVE-2023-7049
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This m... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
4.4
MEDIUMCVE-2022-3399
The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization ... Read more
Affected Products : cookie_notice_\&_compliance_for_gdpr_\/_ccpa- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7849
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-120_firmware dnr-202l_firmware dns-315l_firmware dns-320lw_firmware dns-321_firmware dns-323_firmware dns-325_firmware +10 more products- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to pr... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy... Read more
Affected Products : calamares-nixos-extensions- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2023-4730
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attack... Read more
Affected Products : ladipage- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4604
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : 2j_slideshow- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024