Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29001 |
A SolarWinds Platform SWQL Injection Vulnerability was identified in the user interface. This vulnerability requires authentication and user interaction to be exploited. Published: April 18, 2024; 5:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28076 |
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format Published: April 18, 2024; 5:15:11 AM -0400 |
V3.1: 7.0 HIGH V2.0:(not available) |
CVE-2023-41864 |
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database.This issue affects PeproDev CF7 Database: from n/a through 1.8.0. Published: April 18, 2024; 5:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32142 |
Missing Authorization vulnerability in Ovic Team Ovic Responsive WPBakery.This issue affects Ovic Responsive WPBakery: from n/a through 1.3.0. Published: April 18, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-31869 |
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. Published: April 18, 2024; 4:15:38 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-49742 |
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3. Published: April 18, 2024; 4:15:37 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2729 |
The Otter Blocks WordPress plugin before 2.6.6 does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. Published: April 18, 2024; 1:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1429 |
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab_link’ attribute of the Panel Slider widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 18, 2024; 1:15:48 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1426 |
The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: April 18, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29956 |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. Published: April 17, 2024; 10:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3932 |
A vulnerability classified as problematic has been found in Totara LMS 18.0.1 Build 20231128.01. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261369 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: April 17, 2024; 8:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3931 |
A vulnerability was found in Totara LMS 18.0.1 Build 20231128.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component Profile Handler. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: April 17, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3928 |
A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367. Published: April 17, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-4509 |
It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. Published: April 17, 2024; 8:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-4235 |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report(). Published: April 17, 2024; 7:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-4234 |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report(). Published: April 17, 2024; 7:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-4233 |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. Published: April 17, 2024; 7:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-4232 |
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report(). Published: April 17, 2024; 7:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32472 |
excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as iframe's `srcdoc` without properly sanitizing against HTML injection. Second by improperly sanitizing against attribute HTML injection. This in conjunction with allowing `allow-same-origin` sandbox flag (necessary for several embeds) resulted in the XSS. This vulnerability is fixed in 0.17.6 and 0.16.4. Published: April 17, 2024; 6:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29955 |
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Published: April 17, 2024; 6:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |