5.3
CVE-2024-4022 - Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure
A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /version.js of the component Version Data Handler. The manipulation leads to information disclosure…
5.3
CVE-2024-4021 - Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information…
A vulnerability was found in Keenetic KN-1010, KN-1410, KN-1711, KN-1810 and KN-1910 up to 4.1.2.15. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /ndmComponents.js of the component Configuration Setting Handler. The manipulation leads t…
8.8
CVE-2024-4020 - Tenda FH1206 addressNat fromAddressNat buffer overflow
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument entrys leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed t…
6.3
CVE-2024-4019 - Byzoro Smart S80 Management Platform importhtml.php deserialization
A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible to launch the attack remotely. The exploit has bee…
6.4
CVE-2024-4014 - hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-…
The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authent…
5.4
CVE-2024-1730 - Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop S…
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in link fields, images from URLs, and HTML tags used in widgets in…
6.4
CVE-2024-1057 - ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (forme…
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input…
7.5
CVE-2024-1480 - Unitronics Vision Standard Unauthenticated Password Retrieval
The Unitronics Vision Standard line of controllers allows the Information Mode password to be retrieved without authentication.
6.5
CVE-2024-31994 - Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228)
Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumpti…
6.2
CVE-2024-31993 - Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227)
Mealie is a self-hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL; however, the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Meal…