ID | CVSS | Summary | Last (major) update | Published
CVE-2024-34128 None
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may
23-07-2024 - 12:15 23-07-2024 - 12:15
CVE-2024-41836 None
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resultin
23-07-2024 - 12:15 23-07-2024 - 12:15
CVE-2024-41839 None
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and
23-07-2024 - 12:15 23-07-2024 - 12:15
CVE-2024-7014 None
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
23-07-2024 - 10:15 23-07-2024 - 10:15
CVE-2024-29070 None
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access da
23-07-2024 - 09:15 23-07-2024 - 09:15
CVE-2024-3596 None
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Respon
23-07-2024 - 09:15 09-07-2024 - 12:15
CVE-2024-41012 None
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can all
23-07-2024 - 08:15 23-07-2024 - 08:15
CVE-2024-4260 None
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.
23-07-2024 - 06:15 23-07-2024 - 06:15
CVE-2024-6231 None
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal
23-07-2024 - 06:15 23-07-2024 - 06:15
CVE-2024-6420 None
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
23-07-2024 - 06:15 23-07-2024 - 06:15
CVE-2024-6911 None
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus: through 1.11.6507.0.
23-07-2024 - 03:15 22-07-2024 - 21:15
CVE-2024-6912 None
Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to log in remotely on all prone installations. This issue affects ProcessPlus: through 1.11.6507.0.
23-07-2024 - 03:15 22-07-2024 - 21:15
CVE-2024-6913 None
Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the Windows system. This issue affects ProcessPlus: through 1.11.6507.0.
23-07-2024 - 03:15 22-07-2024 - 21:15
CVE-2024-1575 None
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device.
23-07-2024 - 02:15 23-07-2024 - 02:15
CVE-2024-6828 None
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthen
23-07-2024 - 02:15 23-07-2024 - 02:15
CVE-2024-6885 None
The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions i
23-07-2024 - 02:15 23-07-2024 - 02:15
CVE-2024-6717 None
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
23-07-2024 - 01:15 23-07-2024 - 01:15
CVE-2024-3904 None
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder
23-07-2024 - 01:15 04-07-2024 - 09:15
CVE-2024-24507 None
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.
22-07-2024 - 22:15 22-07-2024 - 22:15
CVE-2024-40502 None
SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows a remote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-6791 None
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnera
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-6793 None
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-6794 None
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affe
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-6805 None
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versi
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-6806 None
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
22-07-2024 - 21:15 22-07-2024 - 21:15
CVE-2024-5674 None
The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauth
22-07-2024 - 20:44 12-06-2024 - 11:15
CVE-2024-34329 None
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload.
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2024-39250 None
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2024-6121 None
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior ve
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2024-6122 None
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2024-6638 None
An integer overflow vulnerability due to improper input validation when reading TDMS files in LabVIEW may result in an infinite loop. Successful exploitation requires an attacker to provide a user with a specially crafted TDMS file. This vulnerabil
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2024-6675 None
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriS
22-07-2024 - 20:15 22-07-2024 - 20:15
CVE-2023-29824 None
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
22-07-2024 - 20:15 06-07-2023 - 21:15
CVE-2022-47578 None
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is
22-07-2024 - 20:15 20-12-2022 - 04:15
CVE-2024-22855 None
A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.
22-07-2024 - 20:12 12-06-2024 - 17:15
CVE-2024-40034 None
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del
22-07-2024 - 20:10 09-07-2024 - 19:15
CVE-2024-40039 None
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del
22-07-2024 - 20:03 09-07-2024 - 19:15
CVE-2024-40037 None
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del
22-07-2024 - 20:02 09-07-2024 - 19:15
CVE-2024-30534 None
Missing Authorization vulnerability in typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.5.
22-07-2024 - 19:23 09-06-2024 - 09:15
CVE-2023-52232 None
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2.
22-07-2024 - 19:22 09-06-2024 - 09:15
CVE-2024-37380 None
A misconfiguration on UniFi U6+ Access Point could cause an incorrect VLAN traffic forwarding to APs meshed to UniFi U6+ Access Point. Affected Products: UniFi U6+ Access Point (Version 6.6.65 and earlier) Mitigation: Update your UniFi U6+ Acce
22-07-2024 - 19:15 22-07-2024 - 19:15
CVE-2024-38944 None
An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component.
22-07-2024 - 19:15 22-07-2024 - 19:15
CVE-2024-40075 None
Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability.
22-07-2024 - 19:15 22-07-2024 - 19:15
CVE-2024-41880 None
In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that decreases the effectiveness of safety and private routes.
22-07-2024 - 19:15 22-07-2024 - 19:15
CVE-2023-52230 None
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3.
22-07-2024 - 19:02 09-06-2024 - 09:15
CVE-2024-30537 None
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce. This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.
22-07-2024 - 18:58 09-06-2024 - 09:15
CVE-2024-30538 None
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO. This issue affects DELUCKS SEO: from n/a through 2.5.4.
22-07-2024 - 18:55 09-06-2024 - 09:15
CVE-2024-30539 None
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7.
22-07-2024 - 18:43 09-06-2024 - 09:15
CVE-2024-2762 None
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, which could allow users with a role as low as Author
22-07-2024 - 18:31 13-06-2024 - 06:15
CVE-2024-20753 None
Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerabi
22-07-2024 - 18:20 13-06-2024 - 12:15