Security Vulnerabilities - CVEs Published In August 2024
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Score
8.8
EPSS Score
0.098
Published
2024-08-23
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.
CVSS Score
7.5
EPSS Score
0.08
Published
2024-08-23
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-08-23
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-08-22
A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-08-22
Microsoft Edge for Android Spoofing Vulnerability
CVSS Score
6.1
EPSS Score
0.005
Published
2024-08-22
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.009
Published
2024-08-22
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.011
Published
2024-08-22
A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /php-ocls/classes/SystemSettings.php?f=update_settings of the component Setting Handler. The manipulation of the argument System Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-08-22
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
CVSS Score
4.5
EPSS Score
0.001
Published
2024-08-22