6.4
CVE-2024-6639 - MDx <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode
The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,…
9.9
CVE-2024-6684 - Authentication Bypass in GST Electronics' inohom Nova Panel N7
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom Nova Panel N7 allows Authentication Bypass. This issue affects inohom Nova Panel N7: through 1.9.9.6. NOTE: The vendor was contacted and it was learned that the product is not supported.
9.1
CVE-2024-42167 - Command Injection in Organisationname
The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malici…
9.1
CVE-2024-42166 - Command Injection in Applicationname
The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicious…
6.3
CVE-2024-42165 - Arbitrary User Activation
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
4.3
CVE-2024-42164 - Disabling MFA without Authentication
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two-factor authentication of any user by predicting the token for the disable_2fa link.
8.3
CVE-2024-42163 - Password Manipulation
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.
6.5
CVE-2024-6758 - Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
6.5
CVE-2024-7700 - Foreman: command injection in "host init config" template via "install packages" field on foreman
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unautho…
7.5
CVE-2024-7697 - Logical vulnerability in com.transsion.carlcare
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.