🚨 CVE-2024-37455
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation. This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
@cveNotify
Patchstack
WordPress Ultimate Addons for elementor plugin <= 1.36.31 - Privilege Escalation vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
🚨 CVE-2024-37520
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons allows Path Traversal. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.12.
Patchstack
Local File Inclusion in WordPress ShopBuilder – Elementor WooCommerce Builder Addons Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37934
Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4.
Patchstack
Broken Access Control in WordPress Ninja Forms Plugin
🚨 CVE-2023-6717
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.
🚨 CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
🚨 CVE-2024-4708
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
🚨 CVE-2024-34685
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it has a low impact on its confidentiality and integrity.
🚨 CVE-2024-37173
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser, giving the attacker the ability to access and/or modify information with no effect on availability of the application.
🚨 CVE-2024-37174
The Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.
🚨 CVE-2024-39592
Elements of PDCE do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information, causing high impact on the confidentiality of the application.
🚨 CVE-2024-39593
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.
🚨 CVE-2024-43920
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jegstudio Gutenverse allows Stored XSS. This issue affects Gutenverse: from n/a through 1.9.4.
Patchstack
WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability…
🚨 CVE-2024-43921
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS. This issue affects Magic Post Thumbnail: from n/a through 5.2.9.
Patchstack
WordPress Generate Images – Magic Post Thumbnail plugin <= 5.2.9 - Cross Site Scripting (XSS) vulnerability - Patchstack
🚨 CVE-2024-43947
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended. This issue affects WP Armour Extended: from n/a through 1.26.
Patchstack
Cross Site Request Forgery (CSRF) in WordPress WP Armour Extended Plugin
🚨 CVE-2024-5866
Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to a path traversal vulnerability allowing listing of arbitrary directories outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.
GitHub
Advisories/K-Delinea-2023-002.md at master · klsecservices/Advisories
Contribute to klsecservices/Advisories development by creating an account on GitHub.
🚨 CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
security.gentoo.org
WebKitGTK+: Multiple Vulnerabilities (GLSA 202401-33) – Gentoo security
Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution.
🚨 CVE-2023-39335
A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.
Ivanti
CVE-2023-39335 - Certificate creation authentication bypass in UPDATEPROFILE handler
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM) – formerly MobileIron Core. We are reporting this vulnerability as CVE-2023-39335.
This vulnerability impacts all supported versions of the products – EPMM Versions 11.11, 11.10…
🚨 CVE-2023-39337
A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity.
Ivanti
CVE-2023-39337 - MobileConfig profile download authentication bypass
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM) – formerly MobileIron Core. We are reporting this vulnerability as CVE-2023-39337.
This vulnerability impacts all supported versions of the products – EPMM Versions 11.11, 11.10…
🚨 CVE-2023-43591
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Zoom
Zoom Security Bulletins
View the latest Zoom Security Bulletins and make sure to update your Zoom app to the latest version in order to get the latest fixes and security improvements.
🚨 CVE-2023-48089
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
GitHub
Remote Code Execution in /xxl-job-admin/jobcode/save · Issue #3333 · xuxueli/xxl-job
Environment MySQL 5.7.44, XXL-Job-Admin 2.4.0 Virtual Machine 1: Ubuntu 22.04.3 (as XXL-Job-Admin) Virtual Machine 2: Ubuntu 22.04.3 (as XXL-Job-Executor) Vulnerability Information It was found tha...