7.5
CVE-2024-52299 - The PDF viewer macro allows accessing any attachment without access right checks
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki, because the "key" that is passed to prevent this is computed incorrectly: calling skip on the digest stream doesn't update the digest. Thi…
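The digest-stream pitfall named in this entry, shown as an added illustration rather than macro-pdfviewer's own code: Java's DigestInputStream inherits skip() from FilterInputStream, which forwards to the wrapped stream without ever calling MessageDigest.update(). A routine that skips through the stream instead of reading it therefore leaves the digest at its initial state. The class and method names below, and the sample attachment bytes, are assumptions made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

// Hypothetical demo class, not part of macro-pdfviewer.
public class DigestSkipDemo {

    // Consumes the stream with skip(). DigestInputStream does not override
    // skip(), so FilterInputStream.skip() forwards to the wrapped stream and
    // the MessageDigest never sees the bytes: the result is the digest of the
    // empty input no matter what the stream contained.
    static String digestWithSkip(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream dis = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            long remaining = data.length;
            while (remaining > 0) {
                long n = dis.skip(remaining);
                if (n <= 0) {
                    break;
                }
                remaining -= n;
            }
        }
        return HexFormat.of().formatHex(md.digest());
    }

    // Consumes the stream with read(), which DigestInputStream does override,
    // so every byte read is fed to the digest as a side effect.
    static String digestWithRead(byte[] data) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (DigestInputStream dis = new DigestInputStream(new ByteArrayInputStream(data), md)) {
            byte[] buf = new byte[8192];
            while (dis.read(buf) != -1) {
                // nothing to do: the digest is updated inside read()
            }
        }
        return HexFormat.of().formatHex(md.digest());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample "attachments" standing in for two different files.
        byte[] a = "attachment-one".getBytes(StandardCharsets.UTF_8);
        byte[] b = "attachment-two".getBytes(StandardCharsets.UTF_8);

        String emptyDigest = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest());

        System.out.println("skip a : " + digestWithSkip(a));
        System.out.println("skip b : " + digestWithSkip(b));
        System.out.println("skip == SHA-256(\"\") : " + digestWithSkip(a).equals(emptyDigest));
        System.out.println("read a : " + digestWithRead(a));
        System.out.println("read b : " + digestWithRead(b));
        System.out.println("read a == read b : " + digestWithRead(a).equals(digestWithRead(b)));
    }
}
```

Compile and run with a Java 17 or newer JDK (HexFormat). The two skip() digests are identical and equal to SHA-256 of the empty string, so a "key" derived that way in this demonstration is a constant that anyone can compute; only the read() variant binds the value to the bytes actually consumed. The practitioner's check is simple: any code that calls skip() on a DigestInputStream and expects the skipped bytes to be covered by the digest is wrong, and the fix is to read the bytes (or call update() on the MessageDigest directly).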
9.1
CVE-2024-52300 - macro-pdfviewer has a XSS through the width parameter
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visit…
7.1
CVE-2024-7295 - Hard-coded credentials used for temporary and cache data encryption
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
6.5
CVE-2024-8049 - Telerik Document Processing Improper Handling of Memory Resources
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can trigger excessive processing that exhausts computing resources and leaves the application process unavailable.
6.5
CVE-2024-52305 - UnoPim Stored XSS : Cookie hijacking through Create User function
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an em…
7.8
CVE-2024-10012 - Progress UI for WPF format provider unsafe deserialization vulnerability
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
7.8
CVE-2024-10013 - Progress UI for WinForms format provider unsafe deserialization vulnerability
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
7.7
CVE-2024-52306 - FileManager Deserialization of Untrusted Data
FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9.
7
CVE-2024-49504 - grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images
grub2 allowed attackers who can reach the grub shell to access files on the encrypted disks.
4.6
CVE-2024-9477 - XSS in AirTies' Air4443 Firmware
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classif…