9.8
CVE-2024-38812 - Heap-overflow vulnerability
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
6
CVE-2024-8796 - Insufficient Default OTP Shared Secret Length
Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier for an…
7.8
CVE-2024-7788 - Signatures in "repair mode" should not be trusted
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before < 24.2.5.
8.1
CVE-2021-27916 - Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. …
7.6
CVE-2021-27915 - XSS Cross-site Scripting Stored (XSS) - Description field
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
5.1
CVE-2024-38860 - Reflected links in error message facilitate phishing attacks
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
8.8
CVE-2024-22303 - WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4.
8.8
CVE-2024-21743 - WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5.
9.4
CVE-2024-7873 - Stored XSS in Veribilim Software's Veribase Order Management
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS, Cross-Site Scripting (XS…
6.1
CVE-2024-8897 -
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead to a malicious site appearing to have the same URL as the trusted site. *This bug only affects Firefox fo…