Latest CVE Feed
- 8.1 HIGH CVE-2024-11104
  The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a ...
  - Affected Products: sky_addons_for_elementor
  - Published: Nov. 22, 2024
  - Modified: Feb. 05, 2025
- 4.3 MEDIUM CVE-2024-10666
  The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level ...
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 5.5 MEDIUM CVE-2024-10034
  The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and ...
  - Affected Products: simply_gallery_blocks_with_lightbox
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 6.7 MEDIUM CVE-2024-38296
  Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privilege...
  - Published: Nov. 22, 2024
  - Modified: Feb. 04, 2025
- 5.5 MEDIUM CVE-2024-47142
  AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations....
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 5.4 MEDIUM CVE-2024-45837
  Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files....
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 6.5 MEDIUM CVE-2024-39290
  Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book....
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 8.0 HIGH CVE-2024-31408
  OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request....
  - Published: Nov. 22, 2024
  - Modified: Nov. 22, 2024
- 6.9 MEDIUM CVE-2024-52056
  Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file....
  - Affected Products: streaming_engine
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 8.2 HIGH CVE-2024-52055
  Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file....
  - Affected Products: streaming_engine
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 5.1 MEDIUM CVE-2024-52054
  Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system....
  - Affected Products: streaming_engine
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 9.6 CRITICAL CVE-2024-52053
  Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts....
  - Affected Products: streaming_engine
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2024-52052
  Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution....
  - Affected Products: streaming_engine
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 5.3 MEDIUM CVE-2024-52616
  A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction ID...
  - Published: Nov. 21, 2024
  - Modified: May. 14, 2025
- 5.3 MEDIUM CVE-2024-52615
  A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected....
  - Affected Products: avahi
  - Published: Nov. 21, 2024
  - Modified: Jul. 21, 2025
- 9.8 CRITICAL CVE-2024-51367
  An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file....
  - Published: Nov. 21, 2024
  - Modified: Nov. 27, 2024
- 9.8 CRITICAL CVE-2024-51366
  An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file....
  - Published: Nov. 21, 2024
  - Modified: Dec. 04, 2024
- 8.8 HIGH CVE-2024-51364
  An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file....
  - Published: Nov. 21, 2024
  - Modified: Nov. 27, 2024
- 6.8 MEDIUM CVE-2024-49588
  Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections....
  - Published: Nov. 21, 2024
  - Modified: Nov. 21, 2024
- 7.8 HIGH CVE-2024-53095
  In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, a...
  - Affected Products: linux_kernel
  - Published: Nov. 21, 2024
  - Modified: Mar. 24, 2025