🚨 CVE-2024-37211
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali2Woo Team Ali2Woo Lite allows Reflected XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5.
@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress AliNext Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37244
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS. This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5.
Patchstack
Cross Site Scripting (XSS) in WordPress Ninja Beaver Add-ons for Beaver Builder Plugin
🚨 CVE-2024-1724
In snapd versions prior to 2.62, when using AppArmor for enforcement of
sandbox permissions, snapd failed to restrict writes to the $HOME/bin
path. In Ubuntu, when this path exists, it is automatically added to
the user's PATH. An attacker who could convince a user to install a
malicious snap which used the 'home' plug could use this vulnerability
to install arbitrary scripts into the user's PATH which may then be run
by the user outside of the expected snap sandbox and hence allow them
to escape confinement.
GitHub
interfaces/builtin/home: add apparmor rule · canonical/snapd@aa191f9
Signed-off-by: Zeyad Gouda <zeyad.gouda@canonical.com>
🚨 CVE-2024-40318
An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file.
GitHub
RCE-QloApps-CVE-2024-40318/qloapps--RCE.pdf at main · 3v1lC0d3/RCE-QloApps-CVE-2024-40318
Remote code execution Vulnerability in QloApps (version 1.6.0.0) - 3v1lC0d3/RCE-QloApps-CVE-2024-40318
🚨 CVE-2024-5557
CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause
exposure of SNMP credentials when an attacker has access to the controller logs.
🚨 CVE-2024-5558
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could
cause escalation of privileges when an attacker abuses a limited admin account.
🚨 CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the
device’s web interface when an attacker sends a specially crafted HTTP request.
🚨 CVE-2024-37215
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in creativeinteractivemedia Transition Slider – Responsive Image Slider and Gallery allows Stored XSS. This issue affects Transition Slider – Responsive Image Slider and Gallery: from n/a through 2.20.3.
Patchstack
Cross Site Scripting (XSS) in WordPress Transition Slider – Responsive Image Slider and Gallery Plugin
🚨 CVE-2024-37216
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Sketchfab Embed allows Stored XSS. This issue affects Sketchfab Embed: from n/a through 1.5.
Patchstack
Cross Site Scripting (XSS) in WordPress Sketchfab Embed Plugin
🚨 CVE-2024-37217
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8.
Patchstack
Cross Site Scripting (XSS) in WordPress Empty Cart Button for WooCommerce Plugin
🚨 CVE-2024-37219
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PBN Hosting SL Page Builder Sandwich – Front-End Page Builder allows Stored XSS. This issue affects Page Builder Sandwich – Front-End Page Builder: from n/a through 5.1.0.
Patchstack
Cross Site Scripting (XSS) in WordPress Page Builder Sandwich – Front-End Page Builder Plugin
🚨 CVE-2024-37221
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Bester Kimili Flash Embed allows Stored XSS. This issue affects Kimili Flash Embed: from n/a through 2.5.3.
Patchstack
Cross Site Scripting (XSS) in WordPress Kimili Flash Embed Plugin
🚨 CVE-2024-37223
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS. This issue affects Restaurant Reservations: from n/a through 2.0.
Patchstack
Cross Site Scripting (XSS) in WordPress Restaurant Reservations Plugin
🚨 CVE-2024-37229
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS. This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5.
Patchstack
Cross Site Scripting (XSS) in WordPress Blogmentor – Blog Layouts for Elementor Plugin
🚨 CVE-2024-37239
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS. This issue affects Branda: from n/a through 3.4.17.
Patchstack
Cross Site Scripting (XSS) in WordPress Branda Plugin
🚨 CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (“Path
Traversal”) vulnerability exists that could allow an authenticated user with access to the device’s
web interface to corrupt files and impact device functionality when sending a crafted HTTP
request.
🚨 CVE-2024-37038
CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated
user with access to the device’s web interface to perform unauthorized file and firmware
uploads when crafting custom web requests.
🚨 CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the
device when an attacker sends a specially crafted HTTP request.
🚨 CVE-2024-37040
CWE-120: Buffer Copy without Checking Size of Input (“Classic Buffer Overflow”) vulnerability
exists that could allow a user with access to the device’s web interface to cause a fault on the
device when sending a malformed HTTP request.
🚨 CVE-2024-37878
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php, where the PHP directly echoes parameters input from external sources.
Gist
CVE-2024-37878
CVE-2024-37878. GitHub Gist: instantly share code, notes, and snippets.