Latest CVE Feed
-
4.7
MEDIUMCVE-2024-39694
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as ... Read more
Affected Products :- Published: Jul. 31, 2024
- Modified: Aug. 01, 2024
-
9.4
CRITICALCVE-2024-7205
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.... Read more
Affected Products : ewelink- Published: Jul. 31, 2024
- Modified: Jul. 31, 2024
-
7.2
HIGHCVE-2024-6770
The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it ... Read more
Affected Products :- Published: Jul. 31, 2024
- Modified: Jul. 31, 2024
-
6.5
MEDIUMCVE-2024-7135
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it... Read more
Affected Products : tainacan- Published: Jul. 31, 2024
- Modified: Jul. 31, 2024
-
5.3
MEDIUMCVE-2024-2508
The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Jul. 31, 2024
- Modified: Jul. 31, 2024