Lucene search

2005 matches found

Positive Technologies
added 2024/05/22 12:0 a.m. · 4 views

PT-2024-26543 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in idccms via the component "/admin/vpsApi deal.php?mudi=rev&nohrefStr=close". This issue allows for unauthorized requests to be made on behalf of the use...

CVSS 5.5 · AI score 6.4 · EPSS 0.00182 · Exploits 1 · References 6
The Hacker News
added 2024/05/21 6:43 a.m. · 22 views

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed...

CVSS 9.8 · AI score 9.9 · EPSS 0.28309 · Exploits 3
Cvelist
added 2024/05/18 7:38 a.m. · 33 views

CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 · AI score 7.5 · EPSS 0.0123 · Exploits 0 · References 2
EUVD
added 2024/05/18 7:38 a.m. · 8 views

EUVD-2024-27715

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

CVSS 9.8 · AI score 6.3 · EPSS 0.02333 · Exploits 1 · References 2
Positive Technologies
added 2024/05/16 12:0 a.m. · 2 views

PT-2024-26226 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba Community versions prior to 3.22.0
Description: A bug was found in the /attachments/attachments/download/ API endpoint, allowing arbitrary file download due to a lack of user permission checks. This issue is related to an Insecure Dire...

AI score 7.2 · Exploits 0 · References 1
Positive Technologies
added 2024/05/14 12:0 a.m. · 4 views

PT-2024-25521 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1
Description: An issue was discovered in linqi, where there is a potential XSS vulnerability in the "/api/DocumentTemplate/GUID" API endpoint.
Recommendations: For versions prior to 1.4.0.1, update to version...

CVSS 5.5 · AI score 5.7 · EPSS 0.0041 · Exploits 0 · References 4
Positive Technologies
added 2024/05/14 12:0 a.m. · 4 views

PT-2024-25518 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1
Description: An issue was discovered in linqi, allowing local file inclusion via the /api/Cdn/GetFile API endpoint.
Recommendations: For versions prior to 1.4.0.1, update to version 1.4.0.1 or later to resolve...

CVSS 9.8 · AI score 6.3 · EPSS 0.00605 · Exploits 0 · References 4
Positive Technologies
added 2024/05/13 12:0 a.m. · 6 views

PT-2024-4567

Name of the Vulnerable Software and Affected Versions:
- MASA CMS versions prior to 7.4.6
- MASA CMS versions prior to 7.3.13
- MASA CMS versions prior to 7.2.8
Description: MASA CMS, an Enterprise Content Management platform, contains a SQL injection vulnerability in the processAsyncObject method...

CVSS 9.8 · AI score 8.4 · EPSS 0.68593 · Exploits 3 · References 29
Positive Technologies
added 2024/05/13 12:0 a.m. · 5 views

PT-2024-25754 · Unknown · Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: Computer Laboratory Management System version 1.0
Description: The issue concerns a Cross Site Scripting vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the firstname, middlename, lastname parameters in th...

CVSS 7.3 · AI score 6.4 · EPSS 0.00871 · Exploits 1 · References 2
Cvelist
added 2024/05/03 12:0 a.m. · 17 views

CVE-2024-34453

TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...

AI score 6.8 · EPSS 0.00346 · Exploits 0 · References 2
Vulnrichment
added 2024/05/02 4:52 p.m. · 16 views

CVE-2024-2667 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...

CVSS 9.8 · AI score 6 · EPSS 0.05747 · Exploits 0 · References 2
CVE
added 2024/05/02 4:52 p.m. · 122 views

CVE-2024-2667

CVE-2024-2667 affects the InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress. The root cause is insufficient file validation in the REST API endpoint /wp-json/instawp-connect/v1/config, affecting all versions up to 0.1.0.22. This enables unauthenticated attackers to upload arbi...

CVSS 9.8 · AI score 9.3 · EPSS 0.05747 · Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/05/02 12:0 a.m. · 6 views

WordPress plugin InstaWP Connect security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 9.8 · AI score 6.7 · EPSS 0.05747 · Exploits 0 · References 3
OSV
added 2024/05/01 10:1 a.m. · 26 views

GHSA-7GRX-F945-MJ96 Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation

Summary: Installation of a maliciously crafted plugin allows for remote code execution by an authenticated attacker.
Details: Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding AP...

CVSS 8.8 · AI score 9.1 · EPSS 0.01661 · Exploits 1 · References 7
NVD
added 2024/04/30 3:15 p.m. · 15 views

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

CVSS 7.5 · AI score 5.8 · EPSS 0.0075 · Exploits 0 · References 3
Positive Technologies
added 2024/04/30 12:0 a.m. · 6 views

PT-2024-30533 · Unknown · Adive Framework

Name of the Vulnerable Software and Affected Versions: Adive Framework version 2.0.8
Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the...

CVSS 7.6 · AI score 5.4 · EPSS 0.00383 · Exploits 0 · References 6
CNNVD
added 2024/04/30 12:0 a.m. · 3 views

TVS Motor Connect Mobile Application security vulnerability

TVS Motor Connect Mobile Application is an application by TVS Motor India to experience the products and services of TVS Motor Company. A security vulnerability exists in TVS Motor Connect Mobile Application Android v.4.5.1 and iOS v.5.0.0, which stems from a vulnerability that allows a remote...

CVSS 7.5 · AI score 6.4 · EPSS 0.0075 · Exploits 0 · References 3
Vulnrichment
added 2024/04/30 12:0 a.m. · 11 views

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

AI score 6.4 · EPSS 0.0075 · Exploits 0 · References 3
Cvelist
added 2024/04/30 12:0 a.m. · 18 views

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

AI score 6.1 · EPSS 0.0075 · Exploits 0 · References 3
CVE
added 2024/04/30 12:0 a.m. · 106 views

CVE-2024-33309

The CVE-2024-33309 issue affects TVS Connet on Android v4.5.1 and iOS v5.0.0, per multiple sources (Red Hat, NVD/CNNVD listing). The root cause is an insecure API endpoint that could allow a remote attacker to obtain sensitive information. Documents consistently describe vendor app TVS Connet as ...

CVSS 7.5 · AI score 6 · EPSS 0.0075 · Exploits 0 · References 3