Vulnerabilities (CVE)

Total 274402 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-46394 1 Frogcms Project 1 Frogcms 2024-09-25 N/A 8.8 HIGH
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
CVE-2024-45752 1 Pixlone 1 Logiops 2024-09-25 N/A 7.3 HIGH
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction.
CVE-2024-9031 1 Workdo 1 Crmgo Saas 2024-09-25 4.0 MEDIUM 5.4 MEDIUM
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-40838 1 Apple 1 Macos 2024-09-25 N/A 3.3 LOW
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
CVE-2024-47060 1 Zitadel 1 Zitadel 2024-09-25 N/A 6.5 MEDIUM
Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects and their applications remain active. Users across other organizations can still log in and access through these applications, leading to unauthorized access. Additionally, if a project was deactivated, access to applications was also still possible. The issue stems from the fact that when an organization is deactivated in Zitadel, the applications associated with it do not automatically deactivate. The application lifecycle is not tightly coupled with the organization's lifecycle, leading to a situation where the organization or project is marked as inactive, but its resources remain accessible. This vulnerability allows for unauthorized access to projects and their resources, which should have been restricted post-organization deactivation. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly disable the application to make sure the client is not allowed anymore.
CVE-2024-7625 2024-09-25 N/A 5.8 MEDIUM
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.
CVE-2024-44005 1 Greenshiftwp 1 Greenshift - Animation And Page Builder Blocks 2024-09-25 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7.
CVE-2024-43999 1 Ninjaforms 1 Ninja Forms 2024-09-25 N/A 4.8 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS. This issue affects Ninja Forms: from n/a through 3.8.11.
CVE-2024-44124 1 Apple 2 Ipados, Iphone Os 2024-09-25 N/A 6.5 MEDIUM
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.
CVE-2024-8364 1 Webhammer 1 Wp Custom Fields Search 2024-09-25 N/A 5.4 MEDIUM
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-31570 1 Freeimage Project 1 Freeimage 2024-09-25 N/A 9.8 CRITICAL
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
CVE-2024-44623 1 Spx 1 Spx Graphics Controller 2024-09-25 N/A 9.8 CRITICAL
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
CVE-2024-33109 2 Ergophone, Yealink 4 Tiptel Ip 286, Tiptel Ip 286 Firmware, Sip-t28p and 1 more 2024-09-25 N/A 9.8 CRITICAL
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
CVE-2024-40125 1 Closed-loop 1 Cless Server 2024-09-25 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
CVE-2024-45452 1 Cryoutcreations 1 Septera 2024-09-25 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Septera septera allows Stored XSS. This issue affects Septera: from n/a through 1.5.1.
CVE-2024-43970 1 Surecart 1 Surecart 2024-09-25 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS. This issue affects SureCart: from n/a through 2.29.3.
CVE-2024-43971 1 Sunshinephotocart 1 Sunshine Photo Cart 2024-09-25 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Sunshine Sunshine Photo Cart allows Reflected XSS. This issue affects Sunshine Photo Cart: from n/a through 3.2.5.
CVE-2024-43972 1 Pagelayer 1 Pagelayer 2024-09-25 N/A 4.8 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS. This issue affects PageLayer: from n/a through 1.8.7.
CVE-2024-43975 1 Superstorefinder 1 Super Store Finder 2024-09-25 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS). This issue affects Super Store Finder: from n/a through 6.9.7.
CVE-2024-43983 1 Podlove 1 Podlove Podcast Publisher 2024-09-25 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.