Lucene search

6667 matches found

CVE
added 2024/06/15 5:00 p.m. | 42 views

CVE-2024-6015

The CVE-2024-6015 entry concerns itsourcecode Online House Rental System 1.0, where an unknown function in manage_user.php allows SQL injection via the month_of argument. The vulnerability is exploitable remotely, with public disclosure and various attestations across sources (NVD/NVDCentric entr...

9.8 CVSS | 7.2 AI score | 0.00064 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2024/06/15 12:00 a.m. | 86 views

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon GSD through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...

4.3 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits: 0

NVD
added 2024/06/14 4:15 a.m. | 18 views

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...

7.2 CVSS | 0.01051 EPSS
Exploits: 0 | References: 2

OSV
added 2024/06/12 5:15 p.m. | 0 views

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file printpayroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 4

OSV
added 2024/06/12 5:15 p.m. | 2 views

CVE-2024-5905

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability...

4.4 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

OSV
added 2024/06/12 5:15 p.m. | 1 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

8.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1

NVD
added 2024/06/12 5:15 p.m. | 14 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

8.1 CVSS | 0.00941 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/06/12 4:50 p.m. | 25 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

8.1 CVSS | 0.00941 EPSS
Exploits: 0 | References: 1

Palo Alto Networks
added 2024/06/12 4:00 p.m. | 39 views

Cortex XDR Agent: Local Windows User Can Disrupt Functionality of the Agent

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. Work...

7.1 CVSS | 6.2 AI score | 0.7972 EPSS
Exploits: 0 | References: 1

AlpineLinux
added 2024/06/11 1:15 p.m. | 33 views

CVE-2024-5697

A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox 127...

6.4 AI score | 0.00438 EPSS
Exploits: 0

OSV
added 2024/06/11 1:15 p.m. | 13 views

CVE-2024-5697

A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox 127...

4.3 CVSS | 6.4 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2024/06/11 12:00 a.m. | 19 views

Mozilla Firefox ESR < 115.12

The version of Firefox ESR installed on the remote Windows host is prior to 115.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-26 advisory. - By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if...

8.6 CVSS | 7.5 AI score | 0.0588 EPSS
Exploits: 2 | References: 9

Vulnrichment
added 2024/06/10 9:55 p.m. | 16 views

CVE-2024-36471 Apache Allura: sensitive information exposure via DNS rebinding

Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 through 1.16.0. Users are...

7 AI score | 0.00305 EPSS
Exploits: 0 | References: 1

NVD
added 2024/06/10 5:16 p.m. | 20 views

CVE-2024-35747

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...

5.3 CVSS | 0.00061 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/10 4:37 p.m. | 13 views

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7...

5.3 CVSS | 7 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

CVE
added 2024/06/10 4:37 p.m. | 54 views

CVE-2024-35747

CVE-2024-35747 affects WordPress plugin Contact Form Builder/Contact Widget (wpdevart) and is described as Improper Restriction of Excessive Authentication Attempts, enabling an Authentication/Functionality Bypass. Affected versions are from n/a through 2.1.7. The available documents confirm the ...

5.3 CVSS | 5.8 AI score | 0.00061 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/06/10 4:15 p.m. | 14 views

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...

9.1 CVSS | 0.00249 EPSS
Exploits: 0 | References: 1

CVE
added 2024/06/10 3:45 p.m. | 66 views

CVE-2024-35658

CVE-2024-35658: Path Traversal vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows unauthenticated file deletion. Affected: Checkout Field Editor for WooCommerce (Pro) up to version 3.6.2. Root cause: improper limitation of a pathname to restricted directories. Remediati...

9.1 CVSS | 9 AI score | 0.00249 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/06/10 3:45 p.m. | 18 views

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...

8.6 CVSS | 6.9 AI score | 0.00249 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/06/10 3:45 p.m. | 19 views

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ThemeHigh Checkout Field Editor for WooCommerce Pro allows Functionality Misuse, File Manipulation. This issue affects Checkout Field Editor for WooCommerce Pro: from n/a through 3.6.2...

8.6 CVSS | 0.00249 EPSS
Exploits: 0 | References: 1