8.8
CVE-2024-28828 - 1-Click compromise via CSRF
Cross-Site request forgery in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) could lead to 1-click compromise of the site.
8.8
CVE-2024-28827 - Privilege escalation in Windows agent
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and <= 2.0.0p39 (EOL) allows a local attacker to gain SYSTEM privileges.
8.7
CVE-2024-3799 - Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches…
8.7
CVE-2024-3798 - Insecure handling of GET argument in Phoniebox
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches …
5.3
CVE-2024-6556 - SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path…
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthen…
9.8
CVE-2024-6422 - Pepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data.
7.5
CVE-2024-6421 - Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products
An unauthenticated remote attacker can read out sensitive device information through an incorrectly configured FTP service.
6.4
CVE-2024-5664 - MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored …
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output…
6.1
CVE-2023-6813 - Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle
The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wle’ parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script…
6.1
CVE-2024-36453 -
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a web…