8.4
CVE-2024-4080 - Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll
A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
7.8
CVE-2024-4079 - Out of Bounds Read Due to Missing Bounds Check in LabVIEW
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
7.8
CVE-2024-5602 - Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI Sys…
5.5
CVE-2024-41836 - InDesign Desktop | NULL Pointer Dereference (CWE-476)
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue …
3.5
CVE-2024-41839 - Adobe Experience Manager | Improper Input Validation (CWE-20)
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of…
5.4
CVE-2024-34128 - Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they brow…
7.1
CVE-2024-7014 - Improper multimedia file attachment validation in Telegram for Android app
EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older.
9.1
CVE-2024-29070 - Apache StreamPark: session not invalidated after logout
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users sho…
8.6
CVE-2024-6420 - Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
5.9
CVE-2024-6231 - Request a Quote < 2.4.1 - Admin+ Stored XSS
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).