Latest Vulnerabilities

Multiple vulnerabilities have been identified in plugins for WordPress, such as BackUpWordPress, WPC Composite Products, and Form Maker by 10Web, exposing websites to potential attacks. Additionally, Tenda networking devices are prone to stack-based overflows, creating opportunities for remote attackers. Moreover, security flaws in Z/IP Gateway devices could lead to Denial of Service incidents. It's vital for users to stay informed about these vulnerabilities and ensure their software and devices are updated to prevent exploitation by cyber threats.

CVE-2024-4245
Tenda i21 formQosManageDouble_user stack-based overflow
CVE-2024-3034
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authentica...
CVE-2024-2838
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 d...
CVE-2024-2258
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all vers...
CVE-2024-2859
By default, SANnav OVA is shipped with root user login enabled (CVE-2024-2859)
GHSA-q655-3pj8-9fxq
### Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response wi...
rubygems/sidekiq>=7.2.0<7.2.4
CVE-2024-4244
Tenda W9 DhcpSetSer fromDhcpSetSer stack-based overflow
CVE-2024-4243
Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow
CVE-2024-3052
Z/IP Gateway S2 Nonce Get Denial of Service Vulnerability
CVE-2024-3051
Z/IP Gateway Device Reset Locally Denial of Service Vulnerability
CVE-2024-32883
MCUboot Injection attack of unprotected TLV values
CVE-2024-32887
Reflected XSS in sidekiq
rubygems/sidekiq>=7.2.0<7.2.4
CVE-2024-4242
Tenda W9 wifiSSIDget formwrlSSIDget stack-based overflow
CVE-2024-4241
Tenda W9 formQosManageDouble_auto stack-based overflow
CVE-2024-32881
Unauthorized access to GET/SET of Slack Bot Tokens in Danswer
CVE-2024-32878
Use of Uninitialized Variable Vulnerability in llama.cpp
CVE-2024-4240
Tenda W9 formQosManageDouble_user stack-based overflow
CVE-2024-4239
Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow
CVE-2024-4238
Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow
CVE-2022-48611
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
CVE-2024-4237
Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow
CVE-2024-4236
Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow
CVE-2024-4235
Netgear DG834Gv5 Web Management Interface cleartext storage
GHSA-9m6p-x4h2-6frq
### Impact DoS vuln via OOM using jq in ignoreDifferences. ``` ignoreDifferences: - group: apps kind: Deployment jqPathExpressions: - 'until(true == false; [.] + [1])' ``` ##...
go/github.com/argoproj/argo-cd/v2<2.8.17
go/github.com/argoproj/argo-cd/v2>=2.9.0<2.9.13
go/github.com/argoproj/argo-cd/v2>=2.10.0<2.10.8
CVE-2024-32730
Missing authorization check in SAP Enable Now Manager
CVE-2024-27790
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 b...
CVE-2023-42955
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue h...
CVE-2024-32476
Denial of Service via malicious jqPathExpressions in ignoreDifferences
go/github.com/argoproj/argo-cd/v2<2.8.17
go/github.com/argoproj/argo-cd/v2>=2.9.0<2.9.13
go/github.com/argoproj/argo-cd/v2>=2.10.0<2.10.8
CVE-2023-41290
QuFirewall
CVE-2023-41291
QuFirewall
CVE-2023-47222
Media Streaming add-on
CVE-2023-50361
QTS, QuTS hero
CVE-2023-50362
QTS, QuTS hero
CVE-2023-50363
QTS, QuTS hero
CVE-2023-50364
QTS, QuTS hero
CVE-2023-51364
QTS, QuTS hero, QuTScloud
CVE-2023-51365
QTS, QuTS hero, QuTScloud
CVE-2024-21905
QTS, QuTS hero, QuTScloud
CVE-2024-27124
QTS, QuTS hero, QuTScloud
CVE-2024-32764
myQNAPcloud Link
CVE-2024-32766
QTS, QuTS hero, QuTScloud
CVE-2022-40975
WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability
CVE-2024-3076
MM-email2image <= 0.2.5 - Stored XSS via CSRF
CVE-2024-4234
WordPress Filterable Portfolio plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability
CVE-2024-33688
WordPress Teluro theme <= 1.0.31 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-33689
WordPress Radio Station plugin <= 2.5.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-33690
WordPress Financio theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-33691
WordPress Popup Builder by OptinMonster plugin <= 2.15.3 - Cross Site Request Forgery (CSRF) Notice Dismissal vulnerability
CVE-2024-33692
WordPress Smart Recent Posts Widget plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2024-33693
WordPress Meks Smart Social Widget plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203