The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-6340 - The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user s...
  Published: July 03, 2024; 4:15:10 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-2235 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
  Published: July 03, 2024; 2:15:03 AM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-2375 - The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
  Published: July 03, 2024; 2:15:03 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-2376 - The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
  Published: July 03, 2024; 2:15:03 AM -0400
  V3.1: 8.8 HIGH
- CVE-2024-4482 - The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to i...
  Published: July 03, 2024; 4:15:09 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-6263 - The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for auth...
  Published: July 03, 2024; 4:15:10 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-4543 - The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for...
  Published: July 03, 2024; 1:15:10 AM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-2040 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack
  Published: July 03, 2024; 2:15:02 AM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-2233 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group
  Published: July 03, 2024; 2:15:03 AM -0400
  V3.1: 4.3 MEDIUM
- CVE-2024-2234 - The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
  Published: July 03, 2024; 2:15:03 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-39143 - A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
  Published: July 02, 2024; 10:15:13 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-37185 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
  Published: July 02, 2024; 5:15:19 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-37077 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
  Published: July 02, 2024; 5:15:19 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-37030 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.
  Published: July 02, 2024; 5:15:18 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-36278 - in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
  Published: July 02, 2024; 5:15:18 AM -0400
  V3.1: 3.3 LOW
- CVE-2024-36260 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
  Published: July 02, 2024; 5:15:18 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-36243 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
  Published: July 02, 2024; 5:15:18 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-31071 - in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
  Published: July 02, 2024; 5:15:18 AM -0400
  V3.1: 3.3 LOW
- CVE-2024-37134 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
  Published: July 02, 2024; 4:15:05 AM -0400
  V3.1: 6.7 MEDIUM
- CVE-2024-37133 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
  Published: July 02, 2024; 4:15:05 AM -0400
  V3.1: 6.7 MEDIUM