
2426 matches found

Patchstack
added 2024/06/07 2:51 a.m. · 3 views

WordPress Tutor LMS plugin <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability

Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion vulnerability discovered by Thanh Nam Tran in WordPress Plugin Tutor LMS versions <= 2.7.1...

4.3 CVSS · 7 AI score · 0.00343 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/06/06 6:15 p.m. · 3 views

CVE-2024-5505

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this...

8.8 CVSS · 6.3 AI score · 0.46989 EPSS
Exploits 0 · References 1

OSV
added 2024/06/06 6:15 p.m. · 4 views

CVE-2024-30368

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8 CVSS · 6.4 AI score · 0.03016 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-6315 · Ivanti · Ivanti Epm

Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2022 SU6; Ivanti EPM versions prior to the 2024 September update
Description: The issue is related to a SQL injection vulnerability in the LoadMotherboardTable method of Ivanti EPM, which does not properly protect...

9.1 CVSS · 8.6 AI score · 0.25389 EPSS
Exploits 0 · References 12

Positive Technologies
added 2024/06/05 12:0 a.m. · 2 views

PT-2024-19901 · WordPress · Clever Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Clever Addons for Elementor plugin for WordPress versions up to, and including, 2.1.9
Description: The issue is related to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets due to insufficient input...

6.4 CVSS · 6 AI score · 0.00329 EPSS
Exploits 0 · References 9

NVD
added 2024/06/03 8:15 p.m. · 13 views

CVE-2023-52162

Mercusys MW325R EU V3 Firmware MW325REUV31.11.0 Build 221019 is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication...

6.7 CVSS · 7.3 AI score · 0.00583 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/06/03 7:14 p.m. · 11 views

CVE-2023-52162

Mercusys MW325R EU V3 Firmware MW325REUV31.11.0 Build 221019 is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication...

7.6 AI score · 0.00583 EPSS
Exploits 0 · References 1

Cvelist
added 2024/06/03 7:14 p.m. · 18 views

CVE-2023-52162

Mercusys MW325R EU V3 Firmware MW325REUV31.11.0 Build 221019 is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires authentication...

7.3 AI score · 0.00583 EPSS
Exploits 0 · References 1

OSV
added 2024/05/31 11:8 a.m. · 2 views

OESA-2024-1683 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A race condition leading to a stack use-after-free flaw was found in libvirt. Due...

6.2 CVSS · 6.6 AI score · 0.00486 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/28 12:0 a.m. · 5 views

PT-2024-3975 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System (affected versions not specified)
Description: The issue is related to the UpLoadServlet component of the NETGEAR ProSAFE Network Management System, which is vulnerable to directory traversal and remote...

9 CVSS · 8 AI score · 0.46989 EPSS
Exploits 0 · References 8

OSV
added 2024/05/24 7:15 a.m. · 3 views

CVE-2024-4484

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘xaiusername’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escapin...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 3

Zero Day Initiative
added 2024/05/24 12:0 a.m. · 17 views

Ivanti Endpoint Manager GetLogFileRulesSQL SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetLogFileRulesSQL method. The issue results from the lack of proper validation ...

7.2 CVSS · 8.1 AI score · 0.08233 EPSS
Exploits 0 · References 1

OSV
added 2024/05/23 10:15 p.m. · 3 views

CVE-2024-5247

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit...

8.8 CVSS · 6.3 AI score · 0.26919 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/05/23 10:7 p.m. · 15 views

CVE-2024-5247 NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit...

8.8 CVSS · 8 AI score · 0.26919 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/21 12:0 a.m. · 3 views

WordPress Plugin HT Mega–Absolute Addons For Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

6.4 CVSS · 5.6 AI score · 0.00357 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/05/16 12:0 a.m. · 3 views

PT-2024-3630 · Rockwell Automation · Factorytalk View Se

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View SE Datalog function
Description: A threat actor could inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. This could result in...

9.8 CVSS · 7.8 AI score · 0.00652 EPSS
Exploits 0 · References 15

NCSC
added 2024/05/15 12:0 a.m. · 1 views

Vulnerabilities fixed in Microsoft Dynamics

Microsoft fixed vulnerabilities in Dynamics 365 Customer Insights. A malicious party could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the...

7.6 CVSS · 6.8 AI score · 0.00991 EPSS
Exploits 0

OSV
added 2024/05/14 3:38 p.m. · 2 views

CVE-2024-34338

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...

7.2 CVSS · 6.1 AI score · 0.02848 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2024/05/11 12:0 a.m. · 23 views

RHEL 7 : mariadb (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mariadb: CONNECT storage engine heap-based buffer overflow CVE-2022-24052 - getsortbytable in MariaDB...

8.7 AI score · 0.02357 EPSS
Exploits 35 · References 46

Vulnrichment
added 2024/05/09 5:51 p.m. · 15 views

CVE-2024-34338

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerabili...

8.5 AI score · 0.02848 EPSS
Exploits 1 · References 1