Total
88282 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28806 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 6.5 MEDIUM |
| An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190. | |||||
| CVE-2024-23464 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 4.9 MEDIUM |
| In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1 | |||||
| CVE-2024-6995 | 1 Google | 2 Android, Chrome | 2024-08-07 | N/A | 4.7 MEDIUM |
| Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-2843 | 2024-08-07 | N/A | 6.5 MEDIUM | ||
| The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks | |||||
| CVE-2024-7564 | 1 Logsign | 1 Unified Secops Platform | 2024-08-07 | N/A | 6.5 MEDIUM |
| Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the get_response_json_result endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-24680. | |||||
| CVE-2024-7005 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low) | |||||
| CVE-2024-7003 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-41381 | 2024-08-07 | N/A | 6.1 MEDIUM | ||
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. | |||||
| CVE-2024-41380 | 2024-08-07 | N/A | 6.1 MEDIUM | ||
| microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. | |||||
| CVE-2024-7368 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273352. | |||||
| CVE-2024-3636 | 2024-08-07 | N/A | 5.4 MEDIUM | ||
| The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-7353 | 2024-08-07 | N/A | 5.4 MEDIUM | ||
| The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-6496 | 2024-08-07 | N/A | 6.5 MEDIUM | ||
| The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack | |||||
| CVE-2024-7357 | 2024-08-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | |||||
| CVE-2024-7466 | 1 Pmweb | 1 Pmweb | 2024-08-06 | 3.3 LOW | 5.4 MEDIUM |
| A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273559. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5963 | 2024-08-06 | N/A | 6.7 MEDIUM | ||
| Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).This issue affects Hitachi Device Manager: before 8.8.7-00. | |||||
| CVE-2024-41820 | 2024-08-06 | N/A | 6.0 MEDIUM | ||
| Kubean is a cluster lifecycle management toolchain based on kubespray and other cluster LCM engine. The ClusterRole has `*` verbs of `*` resources. If a malicious user can access the worker node which has kubean's deployment, he/she can abuse these excessive permissions to do whatever he/she likes to the whole cluster, resulting in a cluster-level privilege escalation. This issue has been addressed in release version 0.18.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-6766 | 2024-08-06 | N/A | 5.4 MEDIUM | ||
| The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2024-7055 | 2024-08-06 | 7.5 HIGH | 6.3 MEDIUM | ||
| A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. | |||||
| CVE-2024-5081 | 2024-08-05 | N/A | 6.1 MEDIUM | ||
| The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | |||||