
6680 matches found

ATTACKERKB
added 2024/05/14 12:0 a.m. | 46 views

CVE-2024-3808

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVSS 8.8 | AI score 7.6 | EPSS 0.01002
In wild | Exploits: 0 | References: 3

CNNVD
added 2024/05/14 12:0 a.m. | 3 views

WordPress plugin WP Compress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 | AI score 6.5 | EPSS 0.00343
Exploits: 0 | References: 5

Positive Technologies
added 2024/05/14 12:0 a.m. | 3 views

PT-2024-3757 · Vmware · Vmware Workstation +1

Name of the Vulnerable Software and Affected Versions: VMware Workstation and Fusion (affected versions not specified). Description: The issue is related to an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileg...

CVSS 7.1 | AI score 5.5 | EPSS 0.00505
Exploits: 0 | References: 8

Cvelist
added 2024/05/10 9:32 p.m. | 17 views

CVE-2024-4213 Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

CVSS 5.3 | AI score 6.5 | EPSS 0.00496
Exploits: 0 | References: 2

The Hacker News
added 2024/05/10 10:22 a.m. | 12 views

What's the Right EDR for You?

A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as t...

AI score 6.8
Exploits: 0

Japan Vulnerability Notes
added 2024/05/10 4:59 a.m. | 0 views

Hidden Functionality vulnerability in DT900

Overview: DT900 contains a Hidden Functionality vulnerability (CWE-912). Specified versions allow an attacker to access the system setting. Reported by Mr. Gianluca Altomani and Mr. Manuel Romei for NEC-PSIRT. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory...

CVSS 9.1 | AI score 6.8 | EPSS 0.00687
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/09 8:3 p.m. | 13 views

CVE-2024-3809 Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVSS 8.8 | AI score 7.6 | EPSS 0.01002
Exploits: 0 | References: 2

Patchstack
added 2024/05/09 6:32 a.m. | 4 views

WordPress Porto Theme - Functionality plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode/post meta vulnerability

WordPress Porto Theme - Functionality plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode/post meta vulnerability discovered by István Márton in WordPress Plugin Porto Theme - Functionality (versions <= 3.1.0)...

CVSS 8.8 | AI score 7.1 | EPSS 0.01002
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/05/09 12:0 a.m. | 11 views

WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software: Porto Theme - Functionality; Type: Plugin; Vulnerable versions: <= 3.1.0; Fixed in: 3.1.1; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3808; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 05d6982e8315; Credits: István Márton; Required privileg...

CVSS 8.8 | AI score 6.8 | EPSS 0.01002
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/05/06 12:0 a.m. | 52 views

CVE-2024-34471

CVE-2024-34471 affects HSC Mailinspector 5.2.17-3 (and up to 5.2.18 per CNVD/CNNVD) due to a faulty validation of the filename parameter in the mliRealtimeEmails.php export HTML function. The path traversal flaw enables an attacker to read and delete arbitrary server files, evidenced by reads of ...

CVSS 5.4 | AI score 6.4 | EPSS 0.00737
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/05/03 3:15 p.m. | 16 views

CVE-2024-33844

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE (0, 1, 2, 255), which allows an attacker to cut off the connection between a controller and the drone by sending a MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE...

CVSS 7.5 | AI score 6.6 | EPSS 0.00717
Exploits: 0 | References: 4

ATTACKERKB
added 2024/05/03 2:15 a.m. | 2 views

CVE-2023-35721

NETGEAR Multiple Routers curlpost Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required t...

CVSS 8.8 | AI score 6.9 | EPSS 0.00807
Exploits: 0 | References: 3

CVE
added 2024/05/03 2:11 a.m. | 91 views

CVE-2023-41183

The CVE-2023-41183 issue affects NETGEAR Orbi 760 routers, where the SOAP API implementation lacks authentication, enabling network-adjacent attackers to bypass authentication and access protected functionality. The NVD/NIST records (and ZDI) confirm an authentication bypass with CVSSv3.0 metrics...

CVSS 8.8 | AI score 8.7 | EPSS 0.15333
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/05/03 2:11 a.m. | 13 views

CVE-2023-41183 NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 6.8 | EPSS 0.15333
Exploits: 0 | References: 2

Cvelist
added 2024/05/03 2:11 a.m. | 22 views

CVE-2023-41183 NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 9 | EPSS 0.15333
Exploits: 0 | References: 2

Cvelist
added 2024/05/03 1:59 a.m. | 17 views

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to explo...

CVSS 7.5 | AI score 7.9 | EPSS 0.01132
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:52 p.m. | 21 views

CVE-2024-1416 Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization

The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invok...

CVSS 4.3 | AI score 4.7 | EPSS 0.00272
Exploits: 0 | References: 5

NVD
added 2024/05/02 1:23 p.m. | 13 views

CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62...

CVSS 7.8 | AI score 6.2 | EPSS 0.0011
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/02 1:11 p.m. | 10 views

CVE-2024-23462 ZCC Mac validinstaller file integrity check missing

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality. This issue affects Client Connector on MacOS: before 3.4...

CVSS 3.3 | AI score 7 | EPSS 0.00191
Exploits: 0 | References: 1

OSV
added 2024/05/01 4:15 p.m. | 1 views

DEBIAN-CVE-2023-47212

A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 | AI score 8.7 | EPSS 0.0141
Exploits: 1 | References: 1