CVE Notify
19.4K subscribers
4 photos
206K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2024-0881
The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts

πŸŽ–@cveNotify
🚨 CVE-2024-30271
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2024-30272
Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2024-30273
Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2023-5392
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

πŸŽ–@cveNotify
🚨 CVE-2023-5393
Server receiving a malformed message that causes a disconnect to a hostname may causing a stack overflow resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

πŸŽ–@cveNotify
🚨 CVE-2023-5394
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.

πŸŽ–@cveNotify
🚨 CVE-2024-22717
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.

πŸŽ–@cveNotify
🚨 CVE-2024-22718
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.

πŸŽ–@cveNotify
🚨 CVE-2024-22719
SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client.

πŸŽ–@cveNotify
🚨 CVE-2024-22721
Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link.

πŸŽ–@cveNotify
🚨 CVE-2024-22722
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.

πŸŽ–@cveNotify
🚨 CVE-2023-47714
IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.

πŸŽ–@cveNotify
🚨 CVE-2024-25545
An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.

πŸŽ–@cveNotify
🚨 CVE-2024-27261
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

πŸŽ–@cveNotify