VulDB Recent Entries

A vulnerability was found in Siemens RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router family, SCALANCE M816-1 ADSL-Router family, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M874-3 3G-Router (CN), SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (A1), SCALANCE MUM853-1 (B1), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (A1), SCALANCE MUM856-1 (B1), SCALANCE MUM856-1 (CN), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615 EEC LAN-Router and SCALANCE S615 LAN-Router up to 8.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component VPN Configuration Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2024-41976. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens SINEC NMS up to 2.x. It has been classified as very critical. Affected is an unknown function. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2024-41939. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens SINEC NMS up to 2.x and classified as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-41941. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Siemens SINEC Traffic Analyzer up to 1.x and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability was named CVE-2024-41904. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Siemens SINEC Traffic Analyzer up to 1.x. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2024-41903. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Siemens Location Intelligence family up to 4.3. Affected by this issue is some unknown functionality. The manipulation leads to weak password requirements. This vulnerability is handled as CVE-2024-41683. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Siemens Location Intelligence family up to 4.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2024-41682. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Siemens RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router family, SCALANCE M816-1 ADSL-Router family, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M874-3 3G-Router (CN), SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (A1), SCALANCE MUM853-1 (B1), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (A1), SCALANCE MUM856-1 (B1), SCALANCE MUM856-1 (CN), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615 EEC LAN-Router and SCALANCE S615 LAN-Router up to 8.0. Affected is an unknown function of the component User Session Handler. The manipulation leads to exposure of data element to wrong session. This vulnerability is traded as CVE-2024-41977. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Generate Images Plugin up to 5.2.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-6724. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in bdthemes Element Pack Elementor Addons Plugin up to 5.7.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7247. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240812. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument filter leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-7715. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. It is recommended to replace the affected component with an alternative.

A vulnerability was found in WPDeveloper BetterDocs Plugin up to 3.5.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43227. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in iberezansky 3D FlipBook Plugin up to 1.15.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-43152. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Themeum Tutor LMS Plugin up to 2.7.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43231. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Averta Depicter Slider Plugin up to 3.1.2 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-43161. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in AddonMaster Post Grid Master Plugin up to 3.4.10 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-43156. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Blockspare Plugin up to 3.2.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-43164. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Jeroen Sormani WP Dashboard Notes Plugin up to 1.0.11 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-43226. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in CreativeMindsSolutions CM Tooltip Glossary Plugin up to 4.3.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-43149. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BannerSky BSK Forms Blacklist Plugin up to 3.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43233. It is possible to launch the attack remotely. There is no exploit available.