Latest CVE Feed
-
6.4
MEDIUMCVE-2024-9118
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... Read more
Affected Products : qs_dark_mode- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
6.8
MEDIUMCVE-2023-7273
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has no Authorization header, it is created with an empty string as value by a rewrite rule. The CSRF check is done by comparing the header ... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
5.6
MEDIUMCVE-2024-44610
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
4.8
MEDIUMCVE-2024-46475
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
7.5
HIGHCVE-2024-46511
LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and CredsGenFunction function.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
6.1
MEDIUMCVE-2024-8727
The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to in... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
7.1
HIGHCVE-2024-8981
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0.... Read more
Affected Products : broken_link_checker- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
6.1
MEDIUMCVE-2024-8786
The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthent... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
7.8
HIGHCVE-2024-47560
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it do... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
5.3
MEDIUMCVE-2024-21531
All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
4.9
MEDIUMCVE-2024-0116
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.... Read more
Affected Products : triton_inference_server- Published: Oct. 01, 2024
- Modified: Oct. 04, 2024
-
6.5
MEDIUMCVE-2024-47641
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS.This issue affects Confetti Fall Animation: from n/a through 1.3.0.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
6.3
MEDIUMCVE-2024-46548
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
7.6
HIGHCVE-2024-46549
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
8.8
HIGHCVE-2024-46280
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.... Read more
Affected Products :- Published: Sep. 30, 2024
- Modified: Oct. 04, 2024
-
9.3
CRITICALCVE-2024-45367
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.... Read more
Affected Products :- Published: Oct. 03, 2024
- Modified: Oct. 04, 2024
-
8.8
HIGHCVE-2024-8885
A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files.... Read more
Affected Products :- Published: Oct. 02, 2024
- Modified: Oct. 04, 2024
-
7.5
HIGHCVE-2024-44017
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through 1.3.2.1.... Read more
Affected Products :- Published: Oct. 02, 2024
- Modified: Oct. 04, 2024
-
6.5
MEDIUMCVE-2024-35294
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.... Read more
Affected Products :- Published: Oct. 02, 2024
- Modified: Oct. 04, 2024
-
3.3
LOWCVE-2024-0125
NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a malformed ELF file. A successful exploit of this vulnerability might lead to a ... Read more
Affected Products : cuda_toolkit- Published: Oct. 03, 2024
- Modified: Oct. 04, 2024