Security Vulnerabilities - CVEs Published In August 2024
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-08-13
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
EPSS Score
0.001
Published
2024-08-13
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-13
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
CVSS Score
9.1
EPSS Score
0.009
Published
2024-08-13
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1.
CVSS Score
6.5
EPSS Score
0.007
Published
2024-08-13
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4.
CVSS Score
7.5
EPSS Score
0.009
Published
2024-08-13
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
CVSS Score
7.5
EPSS Score
0.017
Published
2024-08-13
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
CVSS Score
9.1
EPSS Score
0.004
Published
2024-08-13
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-08-13
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper BetterDocs allows PHP Local File Inclusion.This issue affects BetterDocs: from n/a through 3.5.8.
CVSS Score
6.5
EPSS Score
0.012
Published
2024-08-13