Total
94775 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5880 | 2024-08-21 | N/A | 4.3 MEDIUM | ||
| The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized access to the site. | |||||
| CVE-2024-6322 | 2024-08-21 | N/A | 4.4 MEDIUM | ||
| Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource. | |||||
| CVE-2024-7090 | 2024-08-21 | N/A | 6.1 MEDIUM | ||
| The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘lh_add_media_from_url-file_url’ parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-23729 | 1 Heytap | 1 Internet Browser | 2024-08-20 | N/A | 6.1 MEDIUM |
| The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. | |||||
| CVE-2024-7902 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-08-20 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7901 | 1 Scada-lts | 1 Scada-lts | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024. | |||||
| CVE-2024-7900 | 1 Tpmecms | 1 Tpmecms | 2024-08-20 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in xiaohe4966 TpMeCMS 1.3.3.2. Affected is an unknown function of the file /h.php/general/config?ref=addtabs of the component Basic Configuration Handler. The manipulation of the argument Site Name/Beian/Contact address/copyright/technical support leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5916 | 1 Paloaltonetworks | 1 Pan-os | 2024-08-20 | N/A | 4.4 MEDIUM |
| An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems. | |||||
| CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | N/A | 5.3 MEDIUM |
| BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-41723 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2024-08-20 | N/A | 4.3 MEDIUM |
| Undisclosed requests to BIG-IP iControl REST can lead to information leak of user account names. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-7866 | 1 Xpdfreader | 1 Xpdf | 2024-08-20 | N/A | 5.5 MEDIUM |
| In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. | |||||
| CVE-2024-42032 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | N/A | 5.5 MEDIUM |
| Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-42030 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | N/A | 6.2 MEDIUM |
| Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-43400 | 1 Xwiki | 1 Xwiki | 2024-08-20 | N/A | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. | |||||
| CVE-2024-7453 | 1 Fastadmin | 1 Fastadmin | 2024-08-20 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273544. | |||||
| CVE-2024-25009 | 2024-08-20 | N/A | 6.5 MEDIUM | ||
| Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation. | |||||
| CVE-2024-7850 | 2024-08-20 | N/A | 6.1 MEDIUM | ||
| The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-43326 | 2024-08-20 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7. | |||||
| CVE-2024-7686 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file register_case.php. The manipulation of the argument title/description/opposite_lawyer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7685 | 1 Mayurik | 1 Advocate Office Management System | 2024-08-20 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file adds.php. The manipulation of the argument name/dob/email/mobile/address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||