Latest CVE Feed
-
7.2
HIGHCVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
8.8
HIGHCVE-2024-22218
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underly... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
8.8
HIGHCVE-2024-7146
The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abo... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
4.2
MEDIUMCVE-2024-7501
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2022-1751
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations o... Read more
Affected Products :- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-2175
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
6.8
MEDIUMCVE-2024-25008
Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell with the same privileges as the attacker. The attacker w... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.9
MEDIUMCVE-2024-6098
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource alloc... Read more
- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42475
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the us... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43303
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in videousermanuals.Com White Label CMS allows Reflected XSS.This issue affects White Label CMS: from n/a through 2.7.4.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.9
MEDIUMCVE-2024-43347
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3.... Read more
Affected Products : call_\/_chat_\/_contact_button- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43353
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2.... Read more
Affected Products : mycred- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43307
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS.This issue affects Structured Content: from n/a through 1.6.2.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43262
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43279
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.... Read more
Affected Products : newsletters- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.9
MEDIUMCVE-2024-39666
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.... Read more
Affected Products : woocommerce- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42299
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size wi... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42274
In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed th... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2024-35686
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.... Read more
Affected Products : sensei_lms- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.4
MEDIUMCVE-2024-7703
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input ... Read more
Affected Products : armember- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024