U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Name Search: false
There are 239,947 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2024-2024

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Published: June 14, 2024; 9:15:51 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-2023

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.

Published: June 14, 2024; 9:15:50 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2024-36459

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Published: June 14, 2024; 8:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-51376

Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.

Published: June 14, 2024; 7:15:50 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

Published: June 14, 2024; 6:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.

Published: June 14, 2024; 6:15:10 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.

Published: June 14, 2024; 6:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.

Published: June 14, 2024; 6:15:09 AM -0400
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.

Published: June 14, 2024; 5:15:11 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: June 14, 2024; 5:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes.

Published: June 14, 2024; 5:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36287

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on macOS.

Published: June 14, 2024; 5:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.  Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

Published: June 14, 2024; 5:15:09 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.

Published: June 14, 2024; 4:15:43 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2024-5961

Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4.

Published: June 14, 2024; 4:15:42 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5577

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. This requires allow_url_include to be set to true in order to exploit, which is not commonly enabled.

Published: June 14, 2024; 4:15:42 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-5465

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability.

Published: June 14, 2024; 4:15:41 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-5464

Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Published: June 14, 2024; 4:15:41 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36503

Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.

Published: June 14, 2024; 4:15:41 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-36502

Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.

Published: June 14, 2024; 4:15:41 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)