Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-6402 |
A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: June 28, 2024; 1:15:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-38522 |
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0. Published: June 28, 2024; 1:15:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-38521 |
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0. Published: June 28, 2024; 12:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35139 |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from the container due to incorrect default permissions. IBM X-Force ID: 292415. Published: June 28, 2024; 12:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-35137 |
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413. Published: June 28, 2024; 12:15:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29039 |
tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a misleading picture of the TPM state. This issue has been patched in version 5.7. Published: June 28, 2024; 12:15:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-38531 |
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4. Published: June 28, 2024; 10:15:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-29038 |
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. Published: June 28, 2024; 10:15:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-3816 |
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. Published: June 28, 2024; 9:15:03 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-3801 |
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in one of GET header parameters. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. Published: June 28, 2024; 9:15:03 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-3800 |
Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to Reflected XSS via including scripts in requested file names. Only a part of observed services is vulnerable, but since vendor has not investigated the root problem, it is hard to determine when the issue appears. Published: June 28, 2024; 9:15:02 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-39704 |
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows a remote attacker to execute arbitrary code on a client's machine via a crafted packet on TCP port 46318. Published: June 28, 2024; 9:15:02 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2024-37741 |
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. Published: June 28, 2024; 9:15:02 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2024-5737 |
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default (text/html) is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0. Published: June 28, 2024; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-5736 |
Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla! extension in afGdStream.php script allows to access local files or server pages available only from localhost. This issue affects AdmirorFrames: before 5.0. Published: June 28, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-5735 |
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0. Published: June 28, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-5925 |
The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: June 28, 2024; 5:15:03 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-5922 |
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: June 28, 2024; 5:15:02 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-5662 |
The Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the Social Count (Static) widget in all versions up to, and including, 3.11.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: June 28, 2024; 5:15:02 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-5424 |
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘galleryID’ and 'className' parameters in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: June 28, 2024; 5:15:02 AM -0400 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |