U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 242,739 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2024-39916

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.

Published: July 12, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39914

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

Published: July 12, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39909

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1.

Published: July 12, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-39903

Solara is a pure Python, React-style framework for scaling Jupyter and web apps. A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version <1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.

Published: July 12, 2024; 11:15:11 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38715

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ExS ExS Widgets allows PHP Local File Inclusion.This issue affects ExS Widgets: from n/a through 0.3.1.

Published: July 12, 2024; 11:15:10 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38709

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Milan Petrovic GD Rating System allows PHP Local File Inclusion.This issue affects GD Rating System: from n/a through 3.6.

Published: July 12, 2024; 10:15:16 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38706

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in HasThemes HT Mega allows Path Traversal.This issue affects HT Mega: from n/a through 2.5.7.

Published: July 12, 2024; 10:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38704

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion.This issue affects WordPress Team Manager: from n/a through 2.1.12.

Published: July 12, 2024; 10:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-38700

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Injection.This issue affects WPCS: from n/a through 1.2.0.3.

Published: July 12, 2024; 10:15:15 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37941

Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n/a through 2.24.3.

Published: July 12, 2024; 10:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37940

Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Accelerator (Full, premium).This issue affects Seraphinite Accelerator (Full, premium): from n/a through 2.21.13.

Published: July 12, 2024; 10:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37939

Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Lite.This issue affects Patricia Lite: from n/a through 1.2.3.

Published: July 12, 2024; 10:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37938

Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop SociallyViral.This issue affects SociallyViral: from n/a through 1.0.10.

Published: July 12, 2024; 10:15:14 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37933

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

Published: July 12, 2024; 10:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37932

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in anhvnit Woocommerce OpenPos allows File Manipulation.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

Published: July 12, 2024; 10:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37928

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NooTheme Jobmonster allows File Manipulation.This issue affects Jobmonster: from n/a through 4.7.0.

Published: July 12, 2024; 10:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37927

Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0.

Published: July 12, 2024; 10:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37564

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PayPlus LTD PayPlus Payment Gateway.This issue affects PayPlus Payment Gateway: from n/a through 7.0.7.

Published: July 12, 2024; 10:15:13 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.

Published: July 12, 2024; 10:15:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-37544

Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6.

Published: July 12, 2024; 10:15:12 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)