ID | CVSS | Summary | Last (major) update | Published
CVE-2023-52291 None
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-29737 None
In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-30471 None
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is r
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-31070 None
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly.
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-31979 None
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These en
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-36475 None
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrar
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-36491 None
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive information, and be able to cause a denial of service (DoS
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-40617 None
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensi
17-07-2024 - 09:15 17-07-2024 - 09:15
CVE-2024-39863 None
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
17-07-2024 - 08:15 17-07-2024 - 08:15
CVE-2024-39877 None
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Air
17-07-2024 - 08:15 17-07-2024 - 08:15
CVE-2024-5582 None
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization
17-07-2024 - 08:15 17-07-2024 - 08:15
CVE-2024-5703 None
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.
17-07-2024 - 08:15 17-07-2024 - 08:15
CVE-2024-6220 None
The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated atta
17-07-2024 - 08:15 17-07-2024 - 08:15
CVE-2024-6047 None
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
17-07-2024 - 08:15 17-06-2024 - 06:15
CVE-2024-41009 None
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: con
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-41010 None
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-5251 None
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping o
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-5254 None
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escapin
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-5255 None
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-6033 None
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-6467 None
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizar
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-6660 None
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_im
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-6669 None
The AI ChatBot for WordPress – WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible f
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-5252 None
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-5253 None
The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user su
17-07-2024 - 07:15 17-07-2024 - 07:15
CVE-2024-6387 None
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to aut
17-07-2024 - 05:15 01-07-2024 - 13:15
CVE-2024-5154 None
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.
17-07-2024 - 05:15 12-06-2024 - 09:15
CVE-2024-5037 None
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.
17-07-2024 - 05:15 05-06-2024 - 18:15
CVE-2024-6807 None
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Re
17-07-2024 - 04:15 17-07-2024 - 04:15
CVE-2024-6808 None
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to
17-07-2024 - 04:15 17-07-2024 - 04:15
CVE-2024-6535 None
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to byp
17-07-2024 - 03:15 17-07-2024 - 03:15
CVE-2024-6803 None
A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert.php. The manipulation of the argument anothercont leads to sql inj
17-07-2024 - 03:15 17-07-2024 - 03:15
CVE-2024-5344 None
The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘forgoturl’ attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insuff
17-07-2024 - 03:07 21-06-2024 - 02:15
CVE-2024-3610 None
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for una
17-07-2024 - 03:06 21-06-2024 - 02:15
CVE-2024-1955 None
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible fo
17-07-2024 - 03:05 21-06-2024 - 02:15
CVE-2024-4384 None
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa
17-07-2024 - 03:01 21-06-2024 - 06:15
CVE-2024-4382 None
The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks
17-07-2024 - 02:56 21-06-2024 - 06:15
CVE-2024-4381 None
The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal
17-07-2024 - 02:54 21-06-2024 - 06:15
CVE-2024-4377 None
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perf
17-07-2024 - 02:53 21-06-2024 - 06:15
CVE-2024-4474 None
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
17-07-2024 - 02:48 21-06-2024 - 06:15
CVE-2024-4475 None
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs via a CSRF attack
17-07-2024 - 02:47 21-06-2024 - 06:15
CVE-2024-6595 None
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package dat
17-07-2024 - 02:15 17-07-2024 - 02:15
CVE-2024-6801 None
A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0. This issue affects some unknown processing of the file /add-students.php. The manipulation of the argument image leads to unrest
17-07-2024 - 02:15 17-07-2024 - 02:15
CVE-2024-6802 None
A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Affected is an unknown function of the file /lms/classes/Master.php?f=save_record. The manipulation of the argument id leads to
17-07-2024 - 02:15 17-07-2024 - 02:15
CVE-2023-40389 None
The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive user data.
17-07-2024 - 02:15 10-06-2024 - 20:15
CVE-2023-41989 None
The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.
17-07-2024 - 02:15 25-10-2023 - 19:15
CVE-2023-7010 None
Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
16-07-2024 - 23:15 16-07-2024 - 23:15
CVE-2024-21122 None
Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acc
16-07-2024 - 23:15 16-07-2024 - 23:15
CVE-2024-21132 None
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite (component: Approvals). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t
16-07-2024 - 23:15 16-07-2024 - 23:15
CVE-2024-21139 None
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allo
16-07-2024 - 23:15 16-07-2024 - 23:15