CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVE-2024-4358 Registration Authentication Bypass Vulnerability

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVE-2024-4358

CVE-2024-4358 affects Progress Telerik Report Server (2024 Q1 10.0.24.305 and earlier) on IIS, allowing an unauthenticated attacker to bypass authentication and access restricted functionality. Public details come from multiple sources in the connected docs: Exploit-DB/Metasploit references descr...

CVE-2024-25977

CVE-2024-25977 corresponds to a session-fixation vulnerability in the HAWKI interface (HAWK Digital Environments). The issue arises because the application does not change the session token on login/logout, allowing an attacker to set a victim’s token (e.g., via XSS) and prompt login, resulting i...

CVE-2024-25977 Session Fixation

The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser e.g. via XSS and prompt the victim to log in e.g. via a redirect to the login page. This results in the victim's account being taken over...

Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality

Impact Stored Cross-site scripting XSS enable attackers to inject malicious code into Print Functionality Patches 12.1.4, 10.0.5 References https://docs.umbraco.com/umbraco-commerce/release-notesid-13.0.0-december-13th-2023...

Cross-site Scripting (XSS)

Overview Umbraco.Commerce is a the only Umbraco supported ecommerce solution that lets you sell how you want to sell. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Print functionality. An attacker can inject and execute malicious scripts by sending craft...

GHSA-RPJ9-XJWM-WR6W Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality

Impact Stored Cross-site scripting XSS enable attackers to inject malicious code into Print Functionality Patches 12.1.4, 10.0.5 References https://docs.umbraco.com/umbraco-commerce/release-notesid-13.0.0-december-13th-2023...

CVE-2024-35240

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting XSS issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised t...

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting XSS issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised t...

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting XSS issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised t...

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting XSS issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised t...

CVE-2024-24962

A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker can send an unauthenticated packet to trigger this...

CVE-2024-24851

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability...

CVE-2024-24946

A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This...

CVE-2024-23951

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the...