
6667 matches found

OSV · added 2024/05/15 5:15 p.m. · 2 views

CVE-2024-4837

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

CVSS 5.3 · AI score 5.8 · EPSS 0.00204
Exploits: 0 · References: 1

CVE · added 2024/05/15 12:8 p.m. · 33 views

CVE-2023-6322

CVE-2023-6322 affects the Roku Indoor Camera SE (v3.0.2.4679) and Wyze Cam v3 (v4.36.11.5859). The root cause is a stack-based buffer overflow in the message parsing functionality. An attacker who can make authenticated requests can trigger the overflow, potentially leading to impact on confiden...

CVSS 8.8 · AI score 7 · EPSS 0.00407
Exploits: 1 · References: 1 · Affected Software: 1

NVD · added 2024/05/14 4:17 p.m. · 10 views

CVE-2024-33583

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

CVSS 4.8 · AI score 4.2 · EPSS 0.00113
Exploits: 0 · References: 1

NVD · added 2024/05/14 4:16 p.m. · 13 views

CVE-2024-22268

VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition...

CVSS 7.1 · AI score 7.2 · EPSS 0.00089
Exploits: 0 · References: 1

Vulnrichment · added 2024/05/14 10:3 a.m. · 11 views

CVE-2024-33583

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

CVSS 4.8 · AI score 6.6 · EPSS 0.00113
Exploits: 0 · References: 1

Cvelist · added 2024/05/14 10:3 a.m. · 13 views

CVE-2024-33583

A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA10 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA20 All versions V3.0.1.1, SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...

CVSS 4.8 · AI score 4.2 · EPSS 0.00113
Exploits: 0 · References: 1

CVE · added 2024/05/14 10:3 a.m. · 39 views

CVE-2024-33583

CVE-2024-33583 affects Siemens SIMATIC RTLS Locating Manager families (see 6GT2780-0DA00/0DA10/0DA20/0DA30/1EA10/1EA20/1EA30; all versions

CVSS 4.8 · AI score 6.5 · EPSS 0.00113
Exploits: 0 · References: 1

CNNVD · added 2024/05/14 12:0 a.m. · 2 views

WordPress plugin WP Compress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.5 · AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 5

Positive Technologies · added 2024/05/14 12:0 a.m. · 2 views

PT-2024-3757 · Vmware · Vmware Workstation +1

Name of the Vulnerable Software and Affected Versions: VMware Workstation and Fusion (affected versions not specified). Description: The issue is related to an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileg...

CVSS 7.1 · AI score 5.5 · EPSS 0.00077
Exploits: 0 · References: 8

ATTACKERKB · added 2024/05/14 12:0 a.m. · 45 views

CVE-2024-3808

The Porto Theme – Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the ‘portoportfolios’ shortcode ‘portfoliolayout’ attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVSS 8.8 · AI score 7.6 · EPSS 0.00398
In wild · Exploits: 0 · References: 3

Cvelist · added 2024/05/10 9:32 p.m. · 15 views

CVE-2024-4213 Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as...

CVSS 5.3 · AI score 6.5 · EPSS 0.00532
Exploits: 0 · References: 2

The Hacker News · added 2024/05/10 10:22 a.m. · 12 views

What's the Right EDR for You?

A guide to finding the right endpoint detection and response (EDR) solution for your business' unique needs. Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as t...

AI score 6.8
Exploits: 0

Japan Vulnerability Notes · added 2024/05/10 4:59 a.m. · 0 views

Hidden Functionality vulnerability in DT900

Overview: DT900 contains a Hidden Functionality vulnerability (CWE-912). Specified versions allow an attacker to access the system setting. reported by Mr. Gianluca Altomani and Mr. Manuel Romei. for NEC-PSIRT Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory...

CVSS 9.1 · AI score 6.8 · EPSS 0.00397
Exploits: 0 · References: 3

Vulnrichment · added 2024/05/09 8:3 p.m. · 12 views

CVE-2024-3809 Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

CVSS 8.8 · AI score 7.6 · EPSS 0.00321
Exploits: 0 · References: 2

Patchstack · added 2024/05/09 6:32 a.m. · 3 views

WordPress Porto Theme - Functionality plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode/post meta vulnerability

WordPress Porto Theme - Functionality plugin <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode/post meta vulnerability discovered by István Márton in WordPress Plugin Porto Theme - Functionality versions <= 3.1.0...

CVSS 8.8 · AI score 7.1 · EPSS 0.00398
Exploits: 0 · References: 2 · Affected Software: 1

Patchstack · added 2024/05/09 12:0 a.m. · 10 views

WordPress Porto Theme - Functionality Plugin <= 3.1.0 is vulnerable to Local File Inclusion

Software: Porto Theme - Functionality · Type: Plugin · Vulnerable versions: <= 3.1.0 · Fixed in: 3.1.1 · OWASP Top 10: A1: Injection · Classification: Local File Inclusion · CVE: CVE-2024-3808 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: 05d6982e8315 · Credits: István Márton · Required privileg...

CVSS 8.8 · AI score 6.8 · EPSS 0.00398
Exploits: 0 · References: 3 · Affected Software: 1

CVE · added 2024/05/06 12:0 a.m. · 51 views

CVE-2024-34471

CVE-2024-34471 affects HSC Mailinspector 5.2.17-3 (and up to 5.2.18 per CNVD/CNNVD) due to a faulty validation of the filename parameter in the mliRealtimeEmails.php export HTML function. The path traversal flaw enables an attacker to read and delete arbitrary server files, evidenced by reads of ...

CVSS 5.4 · AI score 6.4 · EPSS 0.01695
Exploits: 1 · References: 1 · Affected Software: 1

NVD · added 2024/05/03 3:15 p.m. · 13 views

CVE-2024-33844

The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE (0, 1, 2, 255), which allows an attacker to cut off the connection between a controller and the drone by sending a MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE...

CVSS 7.5 · AI score 6.6 · EPSS 0.00373
Exploits: 0 · References: 4

ATTACKERKB · added 2024/05/03 2:15 a.m. · 2 views

CVE-2023-35721

NETGEAR Multiple Routers curlpost Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required t...

CVSS 8.8 · AI score 6.9 · EPSS 0.04182
Exploits: 0 · References: 3

Vulnrichment · added 2024/05/03 2:11 a.m. · 13 views

CVE-2023-41183 NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 · AI score 6.8 · EPSS 0.00045
Exploits: 0 · References: 2