Total
90969 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-28044 | 1 Openatom | 1 Openharmony | 2024-09-04 | N/A | 5.5 MEDIUM |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. | |||||
CVE-2024-8328 | 1 Easy Test Online Learning And Testing Platform Project | 1 Easy Test Online Learning And Testing Platform | 2024-09-04 | N/A | 5.4 MEDIUM |
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. | |||||
CVE-2024-38382 | 1 Openatom | 1 Openharmony | 2024-09-04 | N/A | 5.5 MEDIUM |
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | |||||
CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 4.3 MEDIUM |
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | |||||
CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | N/A | 4.3 MEDIUM |
Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | |||||
CVE-2024-45509 | 1 Misp | 1 Misp | 2024-09-04 | N/A | 6.5 MEDIUM |
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | |||||
CVE-2024-39612 | 1 Openatom | 1 Openharmony | 2024-09-04 | N/A | 5.5 MEDIUM |
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | |||||
CVE-2024-41371 | 1 Organizr | 1 Organizr | 2024-09-04 | N/A | 6.1 MEDIUM |
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. | |||||
CVE-2024-41351 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php | |||||
CVE-2024-41350 | 1 Baijunyao | 1 Bjyadmin | 2024-09-04 | N/A | 6.1 MEDIUM |
bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php | |||||
CVE-2024-41348 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php | |||||
CVE-2024-41347 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 6.1 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php | |||||
CVE-2024-41346 | 1 Jpatokal | 1 Openflights | 2024-09-04 | N/A | 5.4 MEDIUM |
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php | |||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | |||||
CVE-2024-8004 | 1 3ds | 1 3dexperience Enovia | 2024-09-04 | N/A | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2024-7938 | 1 3ds | 1 3dexperience | 2024-09-04 | N/A | 5.4 MEDIUM |
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | |||||
CVE-2024-38858 | 1 Checkmk | 1 Checkmk | 2024-09-04 | N/A | 6.1 MEDIUM |
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject and run malicious scripts in the Robotmk logs view. | |||||
CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||
CVE-2024-5024 | 1 Memberpress | 1 Memberpress | 2024-09-04 | N/A | 6.1 MEDIUM |
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2024-4401 | 1 Wpvibes | 1 Elementor Addon Elements | 2024-09-04 | N/A | 5.4 MEDIUM |
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |