6680 matches found
CVE-2024-43250
CVE-2024-43250 concerns Bit Form Pro (WordPress plugin). Connected sources confirm an Incorrect Authorization vulnerability in Bit Form Pro, affecting versions up to 2.6.4, in which missing authorization lets Subscriber+ accounts update settings. Root cause: ACL-related permission checks not pr...
CVE-2024-7903 DedeBIZ File Extension media_add.php unrestricted upload
A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be...
CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table. The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...
CVE-2024-43825 iio: Fix the sorting functionality in iio_gts_build_avail_time_table
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table. The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When...
CVE-2024-38688
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
The Open eClass platform, formerly known as GUnet eClass, is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead to unrestricted RC...
CVE-2024-41651
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user who, by...
CVE-2024-41651
The connected sources show a vulnerability in Prestashop up to version 8.1.7 where arbitrary code execution is possible via the module upgrade feature. The exploit is described as requiring the ability to hijack network requests made by an admin user, a condition that is disputed by some parties....
CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
CVE-2024-42035
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality...
CVE-2024-42035
CVE-2024-42035 concerns a permission control vulnerability in the App Multiplier module. The NVD entry lists a HIGH impact across confidentiality, integrity, and availability with LOCAL attack vector, LOW complexity, and no user interaction required, while Huawei/CNA data cite the same issue with...
CVE-2024-6872
The CVE-2024-6872 entry concerns the WordPress TemplateSpare plugin (≤ 2.4.2). Root cause: missing capability checks in templatespare_activate_required_theme and templatespare_get_theme_status allow authenticated users with Subscriber+ privileges to activate any installed theme and read theme sta...
CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update
The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
PT-2024-37654 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12 Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...
MAL-2024-7885 Malicious code in nodebs58 (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. Source: ghsa-malware 06acfd91a86ac73f0160fab5b4c198882f9f8dac8617c79b28f62ae487cbcf66. Any computer that has this package installe...
(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...