๐จ CVE-2024-0420
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
๐@cveNotify
The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks
๐@cveNotify
WPScan
MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS
See details on MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS CVE 2024-0420. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-0421
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
๐@cveNotify
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.
๐@cveNotify
WPScan
MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
See details on MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure CVE 2024-0421. View the latest Plugin Vulnerabilities on WPScan.
๐2
๐จ CVE-2023-52059
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
๐@cveNotify
๐จ CVE-2024-36303
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2024-36302.
๐@cveNotify
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability is similar to, but not identical to, CVE-2024-36302.
๐@cveNotify
๐จ CVE-2024-36305
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
๐@cveNotify
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
๐@cveNotify
๐จ CVE-2024-36306
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
๐@cveNotify
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
๐@cveNotify
๐จ CVE-2024-7354
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
WPScan
Ninja Forms 3.8.6-3.8.10 - Reflected XSS
See details on Ninja Forms 3.8.6-3.8.10 - Reflected XSS CVE 2024-7354. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-7691
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
๐@cveNotify
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
๐@cveNotify
WPScan
Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS
See details on Flaming Forms <= 1.0.1 - Unauthenticated Stored XSS CVE 2024-7691. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-7692
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
๐@cveNotify
WPScan
Flaming Forms <= 1.0.1 - Reflected XSS
See details on Flaming Forms <= 1.0.1 - Reflected XSS CVE 2024-7692. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2024-47129
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
๐@cveNotify
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
๐@cveNotify
๐จ CVE-2024-47130
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages.
๐@cveNotify
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages.
๐@cveNotify
๐จ CVE-2024-9280
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
๐@cveNotify
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
๐@cveNotify
GitHub
111 ยท Issue #1 ยท Arvin-Shi/111
A serious vulnerability has been discovered in kvf-admin, which affects file uploads. Failure to filter file extensions and content can result in uploading malicious files and gaining server privil...
๐จ CVE-2024-46803
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
In interrupt context, write dbg_ev_file will be run by work queue. It
will cause write dbg_ev_file execution after debug_trap_disable, which
will cause NULL pointer access.
v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Check debug trap enable before write dbg_ev_file
In interrupt context, write dbg_ev_file will be run by work queue. It
will cause write dbg_ev_file execution after debug_trap_disable, which
will cause NULL pointer access.
v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
๐@cveNotify
๐จ CVE-2024-46804
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add array index check for hdcp ddc access
[Why]
Coverity reports OVERRUN warning. Do not check if array
index valid.
[How]
Check msg_id valid and valid array index.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add array index check for hdcp ddc access
[Why]
Coverity reports OVERRUN warning. Do not check if array
index valid.
[How]
Check msg_id valid and valid array index.
๐@cveNotify
๐จ CVE-2024-46807
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/amdgpu: Check tbo resource pointer
Validate tbo resource pointer, skip if NULL
๐@cveNotify
๐จ CVE-2024-46810
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
Make sure the connector is fully initialized before signalling any
HPD events via drm_kms_helper_hotplug_event(), otherwise this may
lead to NULL pointer dereference.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
Make sure the connector is fully initialized before signalling any
HPD events via drm_kms_helper_hotplug_event(), otherwise this may
lead to NULL pointer dereference.
๐@cveNotify
๐จ CVE-2024-46813
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is return when trying to
access with out-of-bound index.
This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check link_index before accessing dc->links[]
[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is return when trying to
access with out-of-bound index.
This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.
๐@cveNotify
๐จ CVE-2024-9281
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
There is another CSRF vulnerabilities in post-edit.php that can lead to add article ยท Issue #51 ยท bg5sbk/MiniCMS
Vendor of Product https://github.com/bg5sbk/MiniCMS Vulnerability Type CSRF Vulnerable File post-edit.php Affected Product Code Base <v1.11 POC <!-- CSRF PoC - generated by Burp Suite Profess...
๐จ CVE-2024-9282
A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
There is another CSRF vulnerabilities in page-edit.php that can lead to add page ยท Issue #52 ยท bg5sbk/MiniCMS
Vendor of Product https://github.com/bg5sbk/MiniCMS Vulnerability Type CSRF Vulnerable File page-edit.php Affected Product Code Base <v1.11 POC <html> <!-- CSRF PoC - generated by Burp ...
๐จ CVE-2024-47182
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
๐@cveNotify
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.
๐@cveNotify
GitHub
feat: uses bcrypt hash instead (#3293) ยท amir20/dozzle@de79f03
Realtime log viewer for docker containers. . Contribute to amir20/dozzle development by creating an account on GitHub.
๐จ CVE-2024-47184
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.
๐@cveNotify
Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue.
๐@cveNotify
GitHub
ampache/public/templates/show_democratic.inc.php at ff332c9810e493fd51b258f5e53119fad86c23bf ยท ampache/ampache
A web based audio/video streaming application and file manager allowing you to access your music & videos from anywhere, using almost any internet enabled device. - ampache/ampache