Security Vulnerabilities - CVEs Published In 2024
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-12-04
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVSS Score
8.0
EPSS Score
0.001
Published
2024-12-04
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVSS Score
3.7
EPSS Score
0.0
Published
2024-12-04
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVSS Score
4.2
EPSS Score
0.0
Published
2024-12-04
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVSS Score
4.3
EPSS Score
0.0
Published
2024-12-04
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVSS Score
3.5
EPSS Score
0.0
Published
2024-12-04
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-12-04
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVSS Score
3.1
EPSS Score
0.0
Published
2024-12-04
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-04
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-04