Microsoft Power Pages Leak Millions of Private Records
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
NA - CVE-2024-5083 - A stored Cross-site Scripting vulnerability has...
A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
NA - CVE-2024-5082 - A Remote Code Execution vulnerability has been...
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
NA - CVE-2023-34049 - The Salt-SSH pre-flight option copies the...
The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and...
NA - CVE-2024-10146 - The Simple File List WordPress plugin before...
The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could...
NA - CVE-2024-9186 - The Recover WooCommerce Cart Abandonment,...
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter...
NA - CVE-2024-7787 - Improper Neutralization of Input During Web...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows...
NA - CVE-2024-2550 - A null pointer dereference vulnerability in the...
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by...