Security Vulnerabilities - CVEs Published In November 2024
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-11-19
Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-11-19
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-11-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Charity Addon for Elementor charity-addon-for-elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through <= 1.3.2.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-11-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmul Ahsan MDC YouTube Downloader mdc-youtube-downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through <= 3.0.0.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-11-19
Missing Authorization vulnerability in boldthemes Bold Page Builder bold-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through <= 5.1.3.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-11-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through <= 3.8.16.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-11-19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through <= 3.8.16.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-11-19
E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service.
CVSS Score
6.5
EPSS Score
0.008
Published
2024-11-19
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-11-19