๐จ CVE-2024-43687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
๐@cveNotify
www.gruppotim.it
Vulnerability Research & Advisor
๐จ CVE-2024-41512
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
๐@cveNotify
A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
๐@cveNotify
4PACE
CADClickยฎ: 2D- & 3D-Konfiguration basierend auf CAD- & BIM-Modellen | 4PACE
Erwecken Sie Ihr komplexes Produktportfolio mit 2D- & 3D-Visualisierung zum Leben und leiten Sie in Echtzeit erzeugte Modelle aus. โฅ Mehr erfahren
๐จ CVE-2024-41513
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
๐@cveNotify
A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
๐@cveNotify
4PACE
CADClickยฎ: 2D- & 3D-Konfiguration basierend auf CAD- & BIM-Modellen | 4PACE
Erwecken Sie Ihr komplexes Produktportfolio mit 2D- & 3D-Visualisierung zum Leben und leiten Sie in Echtzeit erzeugte Modelle aus. โฅ Mehr erfahren
๐จ CVE-2024-41514
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
๐@cveNotify
A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
๐@cveNotify
4PACE
CADClickยฎ: 2D- & 3D-Konfiguration basierend auf CAD- & BIM-Modellen | 4PACE
Erwecken Sie Ihr komplexes Produktportfolio mit 2D- & 3D-Visualisierung zum Leben und leiten Sie in Echtzeit erzeugte Modelle aus. โฅ Mehr erfahren
๐จ CVE-2024-37868
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.
๐@cveNotify
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.
๐@cveNotify
Gist
gist:bfca92171143e28899bb8511f311f9ed
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-37869
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable
๐@cveNotify
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable
๐@cveNotify
Gist
gist:7e5dfdd3583bf9fd81196f557a8b8879
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-47910
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
๐@cveNotify
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
๐@cveNotify
Sonar Community
SonarQube / GitHub integration information leakage
Sonar will submit a new CVE for a SonarQube vulnerability this week. We want to ensure that the Sonar community and our customers are aware before the CVE is made public. The fix was released in versions 9.9.5 LTA and 10.5 on 25 June; there is no known exploitation.โฆ
๐จ CVE-2024-47913
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
๐@cveNotify
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
๐@cveNotify
๐จ CVE-2024-47848
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
๐จ CVE-2024-47840
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
๐จ CVE-2024-47845
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
๐@cveNotify
๐จ CVE-2024-47846
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
๐จ CVE-2024-47847
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
๐จ CVE-2024-47849
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
๐@cveNotify
๐จ CVE-2024-24142
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
๐@cveNotify
Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
๐@cveNotify
GitHub
GitHub - BurakSevben/CVE-2024-24142
Contribute to BurakSevben/CVE-2024-24142 development by creating an account on GitHub.
๐จ CVE-2024-31098
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
๐@cveNotify
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
๐@cveNotify
๐จ CVE-2024-31246
Missing Authorization vulnerability in Post Grid Team by WPXPO PostX โ Gutenberg Blocks for Post Grid.This issue affects PostX โ Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
๐@cveNotify
Missing Authorization vulnerability in Post Grid Team by WPXPO PostX โ Gutenberg Blocks for Post Grid.This issue affects PostX โ Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
๐@cveNotify
Patchstack
WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin โ PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerabilityโฆ
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2024-31294
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.
๐@cveNotify
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.
๐@cveNotify
Patchstack
WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability - Patchstack
Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
๐จ CVE-2023-23639
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
๐@cveNotify
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
๐@cveNotify
Patchstack
Broken Access Control in WordPress MainWP Staging Extension Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2023-23640
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
๐@cveNotify
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
๐@cveNotify
Patchstack
Broken Access Control in WordPress MainWP UpdraftPlus Extension Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
๐จ CVE-2024-8318
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โattributesForBlocksโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify
The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โattributesForBlocksโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
๐@cveNotify