6680 matches found
CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...
Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. Work...
CVE-2024-5697
A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox 127...
Mozilla Firefox ESR < 115.12
The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. - By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if...
CVE-2024-36471 Apache Allura: sensitive information exposure via DNS rebinding
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...
CVE-2024-35747
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...
CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...
CVE-2024-35747
CVE-2024-35747 affects WordPress plugin Contact Form Builder/Contact Widget (wpdevart) and is described as Improper Restriction of Excessive Authentication Attempts, enabling an Authentication/Functionality Bypass. Affected versions are from n/a through 2.1.7. The available documents confirm the ...
CVE-2024-35658
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...
CVE-2024-35658
CVE-2024-35658: Path Traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows unauthenticated file deletion. Affected: Checkout Field Editor for WooCommerce (Pro) up to version 3.6.2. Root cause: improper limitation of a pathname to restricted directories. Remediati...
CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability
Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse. This issue affects Crafthemes Demo Import: from n/a through 3.3...
CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary plugin Installation vulnerability
Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through = 3.3...
CVE-2024-34800
CVE-2024-34800 affects the WordPress plugin Crafthemes Demo Import (
CVE-2022-45176
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting XSS can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application through its vShare functionality section doesn't properly check parameters, sent in HTTP requests as...
Citrix Workspace App for HTML5 - Chromium Update Impact on Multi Monitor Functionality
When you click Multimonitor from the session toolbar, the session might not extend automatically. The issue occurs when you use Citrix Workspace app for HTML5 version that is earlier than 2404, and the Google Chromium browser version is equal to or greater than v125.0.0...
CVE-2022-45176
CVE-2022-45176 affects LIVEBOX Collaboration vDesk through v018. The issue is a stored Cross-site Scripting (XSS) vulnerability at the endpoint /api/v1/getbodyfile, triggered by the input parameter uri. The web application does not properly validate parameters before saving them on the server, a...