Lucene search

K

R-30iB Plus, R-30iB Mate Plus, R-30iB Compact Plus, R-30iB Mini Plus Security Vulnerabilities

cvelist
cvelist

CVE-2024-5354 anji-plus AJ-Report detailByCode information disclosure

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

4.6AI Score

0.0004EPSS

2024-05-26 04:31 AM
vulnrichment
vulnrichment

CVE-2024-5354 anji-plus AJ-Report detailByCode information disclosure

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has.....

4.3CVSS

6.7AI Score

0.0004EPSS

2024-05-26 04:31 AM
nvd
nvd

CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 04:15 AM
cve
cve

CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 04:15 AM
25
cvelist
cvelist

CVE-2024-5353 anji-plus AJ-Report ZIP File decompress path traversal

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 04:00 AM
vulnrichment
vulnrichment

CVE-2024-5353 anji-plus AJ-Report ZIP File decompress path traversal

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 04:00 AM
fedora
fedora

[SECURITY] Fedora 40 Update: ruff-0.3.7-2.fc40

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort, pydocstyle,...

7.4AI Score

2024-05-26 01:28 AM
cve
cve

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 01:15 AM
25
nvd
nvd

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 01:15 AM
cvelist
cvelist

CVE-2024-5352 anji-plus AJ-Report validationRules deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:31 AM
cve
cve

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-26 12:15 AM
2
nvd
nvd

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:15 AM
vulnrichment
vulnrichment

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.9AI Score

0.0004EPSS

2024-05-26 12:00 AM
cvelist
cvelist

CVE-2024-5351 anji-plus AJ-Report Javascript getValueFromJs deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

6.3CVSS

6.4AI Score

0.0004EPSS

2024-05-26 12:00 AM
cve
cve

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-25 11:15 PM
24
nvd
nvd

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-25 11:15 PM
cvelist
cvelist

CVE-2024-5350 anji-plus AJ-Report pageList sql injection

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

6.8AI Score

0.0004EPSS

2024-05-25 10:31 PM
wired
wired

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel...

7.4AI Score

2024-05-25 10:30 AM
6
githubexploit
githubexploit

Exploit for CVE-2024-5084

Wordpress Hash Form – Drag & Drop Form Builder <= 1.1.0 -...

9.8CVSS

8.5AI Score

0.035EPSS

2024-05-25 03:49 AM
17
f5
f5

K000139525: Libexpat vulnerability CVE-2022-43680

Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680) Impact System performance degradation can occur until the process is forced to restart.....

6.7AI Score

0.004EPSS

2024-05-25 12:00 AM
19
nessus
nessus

Oracle Linux 9 : kernel (ELSA-2024-3306)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3306 advisory. [5.14.0-427.18.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya...

6.7AI Score

0.0004EPSS

2024-05-25 12:00 AM
6
openbugbounty
openbugbounty

n-e-r-v-o-u-s.com Cross Site Scripting vulnerability OBB-3930116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-24 03:27 PM
1
debiancve
debiancve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
3
cve
cve

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.5AI Score

0.0004EPSS

2024-05-24 03:15 PM
26
nvd
nvd

CVE-2021-47505

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:15 PM
cvelist
cvelist

CVE-2021-47505 aio: fix use-after-free due to missing POLLFREE handling

In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally the case. This is...

6.3AI Score

0.0004EPSS

2024-05-24 03:01 PM
1
nvd
nvd

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.1AI Score

0.001EPSS

2024-05-24 09:15 AM
cve
cve

CVE-2024-4037

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.5AI Score

0.001EPSS

2024-05-24 09:15 AM
22
cvelist
cvelist

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.1AI Score

0.001EPSS

2024-05-24 08:30 AM
vulnrichment
vulnrichment

CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution

The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...

6.5CVSS

7.6AI Score

0.001EPSS

2024-05-24 08:30 AM
1
cve
cve

CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-24 07:15 AM
29
nvd
nvd

CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 07:15 AM
1
cve
cve

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-24 07:15 AM
27
nvd
nvd

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 07:15 AM
cvelist
cvelist

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 06:42 AM
1
vulnrichment
vulnrichment

CVE-2024-4484 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xai_username’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 06:42 AM
1
vulnrichment
vulnrichment

CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 06:42 AM
cvelist
cvelist

CVE-2024-4485 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 06:42 AM
cve
cve

CVE-2024-3718

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-24 06:15 AM
28
nvd
nvd

CVE-2024-3718

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 06:15 AM
cvelist
cvelist

CVE-2024-3718 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.9AI Score

0.001EPSS

2024-05-24 05:30 AM
vulnrichment
vulnrichment

CVE-2024-3718 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar, Header Meta Content, Scroll Navigation, Pricing Table, & Flip Box

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 05:30 AM
nvd
nvd

CVE-2024-2784

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-24 05:15 AM
cve
cve

CVE-2024-2784

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-24 05:15 AM
29
cvelist
cvelist

CVE-2024-2784 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.9AI Score

0.0004EPSS

2024-05-24 04:29 AM
1
vulnrichment
vulnrichment

CVE-2024-2784 The Plus Addons for Elementor <= 5.5.4 - Authenticated (Contibutor+) Stored Cross-Site Scripting via Hover Card

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-05-24 04:29 AM
arista
arista

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...

6AI Score

EPSS

2024-05-24 12:00 AM
5
oraclelinux
oraclelinux

idm:DL1 security update

bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...

5.3CVSS

7.6AI Score

0.0004EPSS

2024-05-24 12:00 AM
10
nessus
nessus

ManageEngine ServiceDesk Plus MSP < 14.7 Build 14720

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 14.7 Build 14720. It is, therefore, affected by a vulnerability as referenced in the service-desk-msp_cve-2024-27314 advisory. A stored cross-site scripting (XSS) vulnerability allowed users with the SDAdmin.....

2.4CVSS

3.4AI Score

0.0004EPSS

2024-05-24 12:00 AM
2
wpvulndb
wpvulndb

The Plus Addons for Elementor < 5.5.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘button_custom_attributes’ parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web...

6.4CVSS

5.8AI Score

0.001EPSS

2024-05-24 12:00 AM
2
Total number of security vulnerabilities120184