3.5
CVE-2023-37541 - HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
9.1
CVE-2024-5806 - MOVEit Transfer Authentication Bypass Vulnerability
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
9.1
CVE-2024-5805 - MOVEit Gateway Authentication Bypass Vulnerability
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
5.3
CVE-2024-37087 -
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
6.8
CVE-2024-37086 -
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
6.8
CVE-2024-37085 -
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-activ…
7.2
CVE-2024-21827 -
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger …
6.4
CVE-2024-5451 - The7 – Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored…
The The7 – Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on us…
5
CVE-2024-32111 - WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, f…
4.8
CVE-2024-6299 - Use of a Key Past its Expiration Date in Conduit
Lack of consideration of key expiry when validating signatures in Conduit allows an attacker who has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date.