Common Vulnerabilities and Exposures (CVE)

CVE-2024-5029

Nov 21, 2024 06:00:07 UTC

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a ...

CVE-2024-10482

Nov 21, 2024 06:00:02 UTC

The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containin...

CVE-2024-7517

Nov 21, 2024 05:55:00 UTC

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. ...

CVE-2024-10403

Nov 21, 2024 05:46:07 UTC

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core d...

CVE-2024-10671

Nov 21, 2024 05:33:51 UTC

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on wh...

CVE-2024-11334

Nov 21, 2024 05:33:50 UTC

The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthentica...

CVE-2024-10788

Nov 21, 2024 05:33:50 UTC

The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escap...

CVE-2024-10782

Nov 21, 2024 05:33:49 UTC

The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. T...

CVE-2024-11438

Nov 21, 2024 05:33:49 UTC

The StreamWeasels Online Status Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-status-bar' shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output e...

CVE-2024-10528

Nov 21, 2024 05:33:48 UTC

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_u...

CVE-2024-10979

Nov 21, 2024 04:55:16 UTC

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attack...

CVE-2024-51503

Nov 21, 2024 04:55:15 UTC

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers th...

CVE-2024-11395

Nov 21, 2024 04:55:14 UTC

Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-42450

Nov 21, 2024 04:55:12 UTC

The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa...

CVE-2022-27914

Nov 21, 2024 04:36:17 UTC

An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.