Latest CVE Feed
-
6.5
MEDIUMCVE-2024-43226
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jeroen Sormani WP Dashboard Notes allows Stored XSS.This issue affects WP Dashboard Notes: from n/a through 1.0.11.... Read more
Affected Products : wp_dashboard_notes- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
7.1
HIGHCVE-2024-43217
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Reflected XSS.This issue affects Kodex Posts likes: from n/a through 2.5.0.... Read more
Affected Products : kodex_posts_likes- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
7.8
HIGHCVE-2023-7066
The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
6.5
MEDIUMCVE-2024-43216
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Patrick Posner Filr – Secure document library allows Stored XSS.This issue affects Filr – Secure document library: from n/a through 1.2.4.... Read more
Affected Products :- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
6.4
MEDIUMCVE-2024-2259
This vulnerability exists in InstaRISPACS software due to insufficient validation of user supplied input for the loginTo parameter in user login module of the web interface of the application. A remote attacker could exploit this vulnerability by sending ... Read more
Affected Products :- Published: Aug. 13, 2024
- Modified: Aug. 13, 2024
-
7.8
HIGHCVE-2024-41908
A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code ... Read more
Affected Products : nx- Published: Aug. 13, 2024
- Modified: Aug. 13, 2024
-
6.5
MEDIUMCVE-2024-43133
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Shortcodes allows Stored XSS.This issue affects Themify Shortcodes: from n/a through 2.1.1.... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
6.5
MEDIUMCVE-2024-38752
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zoho Campaigns allows Cross-Site Scripting (XSS).This issue affects Zoho Campaigns: from n/a through 2.0.8.... Read more
Affected Products : zoho_campaigns- Published: Aug. 13, 2024
- Modified: Aug. 13, 2024
-
7.5
HIGHCVE-2024-38787
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Codection Import and export users and customers allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Import and export users and customers: from n/a ... Read more
Affected Products : import_and_export_users_and_customers- Published: Aug. 13, 2024
- Modified: Aug. 13, 2024
-
5.9
MEDIUMCVE-2024-43130
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Antoine Hurkmans Football Pool allows Stored XSS.This issue affects Football Pool: from n/a through 2.11.10.... Read more
Affected Products :- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
8.1
HIGHCVE-2024-40479
A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter.... Read more
Affected Products :- Published: Aug. 12, 2024
- Modified: Aug. 13, 2024
-
6.5
MEDIUMCVE-2024-34788
An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information... Read more
Affected Products : endpoint_manager_mobile- Published: Aug. 07, 2024
- Modified: Aug. 12, 2024
-
7.7
HIGHCVE-2024-42347
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs ... Read more
- Published: Aug. 06, 2024
- Modified: Aug. 12, 2024
-
6.3
MEDIUMCVE-2024-41677
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found i... Read more
Affected Products : qwik- Published: Aug. 06, 2024
- Modified: Aug. 12, 2024
-
8.5
HIGHCVE-2024-7502
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.... Read more
Affected Products : diascreen- Published: Aug. 06, 2024
- Modified: Aug. 12, 2024
-
6.2
MEDIUMCVE-2024-42358
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DOS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to utilize 100% of the Memory and enter an infinite loop. This can also ... Read more
- Published: Aug. 06, 2024
- Modified: Aug. 12, 2024
-
6.7
MEDIUMCVE-2024-31201
A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIP_Scrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine.... Read more
Affected Products : thermoscan_ip- Published: Jul. 31, 2024
- Modified: Aug. 12, 2024
-
8.4
HIGHCVE-2024-34620
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.... Read more
- Published: Aug. 07, 2024
- Modified: Aug. 12, 2024
-
8.8
HIGHCVE-2024-34619
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Aug. 07, 2024
- Modified: Aug. 12, 2024
-
4.0
MEDIUMCVE-2024-34618
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.... Read more
- Published: Aug. 07, 2024
- Modified: Aug. 12, 2024