CVE-2024-42035
Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect functionality and confidentiality...
CVE-2024-6872
The CVE-2024-6872 entry concerns the WordPress TemplateSpare plugin (≤ 2.4.2). Root cause: missing capability checks in templatespare_activate_required_theme and templatespare_get_theme_status allow authenticated users with Subscriber+ privileges to activate any installed theme and read theme sta...
CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update
The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
PT-2024-37654 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12. Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...
MAL-2024-7885 Malicious code in nodebs58 (npm)
The package contains a preinstall hook to execute unhook.js, which has cryptocurrency stealing functionality. Source: ghsa-malware 06acfd91a86ac73f0160fab5b4c198882f9f8dac8617c79b28f62ae487cbcf66. Any computer that has this package installe...
The vulnerability of Google Chrome and Microsoft Edge web browsers allows a malicious actor to gain unauthorized access to limited functionality.
The vulnerability of Google Chrome and Microsoft Edge web browsers relates to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to limited functionality...
(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
(0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which...
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to limited functionality.
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...
CVE-2024-6366
The CVE concerns the WordPress plugin User Profile Builder (cozmoslabs) prior to version 3.11.8, where improper authorization allows unauthenticated users to upload media files via the async upload feature. Affected: User Profile Builder
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Arbitrary Script Execution
anki is vulnerable to Arbitrary Script Execution. The vulnerability is due to inadequate validation and handling of flashcard content in the MPV functionality, allowing an attacker to send a malicious flashcard that can trigger arbitrary code execution...
CVE-2024-38288
A command-injection issue in the Certificate Signing Request CSR functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root...
Malicious code in harthat-chain (npm)
The package contains a preinstall hook which silently executes a malicious script with downloader functionality. This is characteristic of an ongoing North Korean state-sponsored campaign...
SUSE CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...
Certification Vulnerabilities for Multiple SICAM Products Lacking Critical Functionality
The SICAM 8 power automation platform is a universal, integrated hardware and software-based solution for all applications in the power supply sector. The SICAM A8000 RTUs are modular devices for remote control and automation applications in all areas of energy supply. The SICAM EGS is the gateway ...
NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability
Talos Vulnerability Report TALOS-2024-1956: NVIDIA GPU Compiler Driver Shader Functionality out-of-bounds read vulnerability. July 23, 2024. CVE Number: CVE-2024-0107. Summary: An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA GPU Compiler Driver 551.61,...
GHSA-9GQ7-P5W9-W899 Ankitects Anki arbitrary script execution vulnerability
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability...
CVE-2024-32152
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability...