NVD - Home

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-32868 - ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed... read CVE-2024-32868
    Published: April 25, 2024; 8:15:08 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-30048 - Dynamics 365 Customer Insights Spoofing Vulnerability
    Published: May 14, 2024; 1:17:19 PM -0400

    V3.1: 4.1 MEDIUM

  • CVE-2024-29892 - ZITADEL, open source authentication management software, uses Go templates to render the login UI. Under certain circumstances an action could set reserved claims managed by ZITADEL. For example it would be possible to set the claim `urn:zitadel:i... read CVE-2024-29892
    Published: March 27, 2024; 4:15:08 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2024-2110 - The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. Th... read CVE-2024-2110
    Published: March 27, 2024; 10:15:09 PM -0400

  • CVE-2024-30049 - Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
    Published: May 14, 2024; 1:17:20 PM -0400

  • CVE-2024-29891 - ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim wo... read CVE-2024-29891
    Published: March 27, 2024; 4:15:07 PM -0400

    V3.1: 8.7 HIGH

  • CVE-2023-6525 - The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This... read CVE-2023-6525
    Published: March 15, 2024; 11:15:06 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-28855 - ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to a improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to version... read CVE-2024-28855
    Published: March 18, 2024; 6:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-30050 - Windows Mark of the Web Security Feature Bypass Vulnerability
    Published: May 14, 2024; 1:17:21 PM -0400

  • CVE-2021-47015 - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RX consumer index logic in the error path. In bnxt_rx_pkt(), the RX buffers are expected to complete in order. If the RX consumer index indicates an out of order bu... read CVE-2021-47015
    Published: February 28, 2024; 4:15:38 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-3267 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supp... read CVE-2024-3267
    Published: April 09, 2024; 3:15:40 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3266 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attrib... read CVE-2024-3266
    Published: April 09, 2024; 3:15:40 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2149 - A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be i... read CVE-2024-2149
    Published: March 03, 2024; 1:15:10 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-30053 - Azure Migrate Cross-Site Scripting Vulnerability
    Published: May 14, 2024; 1:17:22 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2021-47014 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following on... read CVE-2021-47014
    Published: February 28, 2024; 4:15:38 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-54491 - The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location.
    Published: December 11, 2024; 9:15:30 PM -0500

    V3.1: 3.3 LOW

  • CVE-2024-1095 - The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. Thi... read CVE-2024-1095
    Published: March 04, 2024; 9:15:26 PM -0500

  • CVE-2021-47011 - In the Linux kernel, the following vulnerability has been resolved: mm: memcontrol: slab: fix obtain a reference to a freeing memcg Patch series "Use obj_cgroup APIs to charge kmem pages", v5. Since Roman's series "The new cgroup slab memory co... read CVE-2021-47011
    Published: February 28, 2024; 4:15:38 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-2115 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it p... read CVE-2024-2115
    Published: April 05, 2024; 4:15:07 AM -0400

  • CVE-2021-47007 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fs_resize_fs() f2fs_resize_fs() hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA ... read CVE-2021-47007
    Published: February 28, 2024; 4:15:38 AM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024