CVE-2024-13408
The CVE-2024-13408 issue affects the WordPress plugin Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget. It enables Local File Inclusion via the theme attribute of the pgcu shortcode, exploitable by authenticated users with Contributor-level access and abo...
CVE-2024-12805
CVE-2024-12805 is a post-authentication format-string vulnerability in SonicOS management affecting SonicWall SonicOS devices. The issue, described in connected sources as a format string flaw, can allow a remote, authenticated attacker to crash the firewall and potentially achieve code execution...
CVE-2024-53706
A vulnerability in the Gen7 SonicOS Cloud platform NSv allows a remote authenticated local low-privileged attacker to elevate privileges to root and potentially lead to code execution...
CVE-2024-12571
CVE-2024-12571 affects the Store Locator for WordPress with Google Maps – LotsOfLocales plugin (WordPress) up to version 3.98.10. The issue is an unauthenticated Local File Inclusion via the sl_engine parameter, enabling an attacker to include and execute arbitrary PHP code on the server, potenti...
CVE-2024-37143
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 for RCM 3.8.x train and prior to RCM 3.7.6.0 for RCM 3.7.x train, Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior...
CVE-2023-27195
Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...
CGA-GF6X-W54G-9482
Bulletin has no description...
CVE-2024-7582
A vulnerability classified as critical was found in Tenda i22 1.0.0.34687. This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated...
CGA-RV8W-7M8J-82GJ
Bulletin has no description...
CGA-MQF8-R2VP-3GCJ
Bulletin has no description...
CGA-RXR7-QJJ9-XF8J
Bulletin has no description...
CVE-2024-37895
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issu...
CVE-2024-37895 API Key Leak in lobe-chat
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issu...
CVE-2024-37895
CVE-2024-37895 affects Lobe Chat, an open-source LLM/AI chat framework. In affected versions, if an attacker can authenticate via SSO/Access Code, they can modify the frontend base URL to point to a malicious attack URL and trigger a server-side request, enabling retrieval of the real backend API...
CGA-QJG9-JJWV-XV5C
Bulletin has no description...
CGA-HH23-J43V-7RCP
Bulletin has no description...
CGA-R9QQ-3R2C-H7G5
Bulletin has no description...
CVE-2024-1417 Local Code Injection Vulnerability in AuthPoint Password Manager App for macOS Safari
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on macOS allows an adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue affects AuthPoint...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure Vulnerability
An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account,...
Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure
CVE ID: CVE-2023-27195 Description: An access control issue in Trimble TM4Web v22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an...