VYPR

CVEs

100,082 total · page 671 of 2,002

  • CVE-2024-36972HigJun 10, 2024
    risk 0.49cvss 7.5epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Billy Jheng Bing-Jhong reported a race between __unix_gc() and queue_oob(). __unix_gc() tries to garbage-collect close()d inflight sockets,…

  • CVE-2024-36528HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php.

  • CVE-2024-5785HigJun 10, 2024
    risk 0.52cvss 8.0epss 0.01

    Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”.

  • CVE-2024-36971HigKEVJun 10, 2024
    risk 0.56cvss 7.8epss 0.03

    In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear…

  • CVE-2024-4328HigJun 10, 2024
    risk 0.53cvss 8.1epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows…

  • CVE-2024-37880HigJun 10, 2024
    risk 0.00cvss 7.5epss 0.01

    The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not…

  • CVE-2024-5389HigJun 9, 2024
    risk 0.46cvss 8.1epss 0.00

    In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the…

  • CVE-2024-37570HigJun 9, 2024
    risk 0.57cvss 8.8epss 0.01

    On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.

  • CVE-2024-37569HigJun 9, 2024
    risk 0.57cvss 8.8epss 0.03

    An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent…

  • CVE-2024-5585HigJun 9, 2024
    risk 0.45cvss 7.7epss 0.29

    In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments…

  • CVE-2024-37568HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)

  • CVE-2024-31304HigJun 9, 2024
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.1.3.

  • CVE-2024-31283HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2.

  • CVE-2024-31275HigJun 9, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.

  • CVE-2024-32705HigJun 9, 2024
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

  • CVE-2024-32704HigJun 9, 2024
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

  • CVE-2024-32703HigJun 9, 2024
    risk 0.50cvss 7.7epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4.

  • CVE-2024-32715HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

  • CVE-2024-32798HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

  • CVE-2024-32778HigJun 9, 2024
    risk 0.50cvss 7.7epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.

  • CVE-2024-32777HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39.

  • CVE-2024-33564HigJun 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

  • CVE-2024-33563HigJun 9, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

  • CVE-2024-33561HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

  • CVE-2024-33555HigJun 9, 2024
    risk 0.53cvss 8.1epss 0.00

    Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.

  • CVE-2024-33547HigJun 9, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.

  • CVE-2024-33543HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06.

  • CVE-2024-31243HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

  • CVE-2024-30485HigJun 9, 2024
    risk 0.57cvss 8.8epss 0.01

    Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.

  • CVE-2024-25092HigJun 9, 2024
    risk 0.57cvss 8.8epss 0.01

    Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.

  • CVE-2023-31080HigJun 9, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

  • CVE-2024-31098HigJun 9, 2024
    risk 0.53cvss 8.1epss 0.00

    Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.

  • CVE-2024-5774HigJun 9, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql…

  • CVE-2024-4680HigJun 8, 2024
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised…

  • CVE-2024-35678HigJun 8, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.

  • CVE-2024-35706HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login allows Cross-Site Scripting (XSS).This issue affects Heateor Social Login: from n/a through 1.1.32.

  • CVE-2024-35697HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThimPress Eduma allows Reflected XSS.This issue affects Eduma: from n/a through 5.4.7.

  • CVE-2024-35696HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Reflected XSS.This issue affects WP Docs: from n/a through 2.1.3.

  • CVE-2024-35694HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.41.

  • CVE-2024-35693HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.This issue affects 12 Step Meeting List: from n/a through <= 3.14.33.

  • CVE-2024-35687HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS.This issue affects Link Library: from n/a through 7.6.3.

  • CVE-2024-35679HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.12.0.

  • CVE-2024-37408HigJun 8, 2024
    risk 0.47cvss 7.3epss 0.00

    fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to…

  • CVE-2024-35718HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5.

  • CVE-2024-35750HigJun 8, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

  • CVE-2024-35737HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3.

  • CVE-2024-35736HigJun 8, 2024
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1.

  • CVE-2024-35734HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.

  • CVE-2024-35733HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14.

  • CVE-2024-35730HigJun 8, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.