Newest CVEs | Tenable®
<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><title>Newest CVEs<!-- --> | Tenable®</title><meta name="description" content="Listing newest CVEs."/><meta property="og:title" content="Newest CVEs"/><meta property="og:description" content="Listing newest CVEs."/><meta name="twitter:title" content="Newest CVEs"/><meta name="twitter:description" content="Listing newest CVEs."/><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="apple-touch-icon" sizes="180x180" href="https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png"/><link rel="manifest" href="https://www.tenable.com/themes/custom/tenable/img/favicons/manifest.json"/><link rel="mask-icon" href="https://www.tenable.com/themes/custom/tenable/img/favicons/safari-pinned-tab.svg" color="#0071dd"/><link rel="icon" href="https://www.tenable.com/favicon.ico" sizes="any"/><link rel="icon" href="https://www.tenable.com/themes/custom/tenable/img/favicons/favicon.svg" type="image/svg+xml"/><meta name="msapplication-config" content="https://www.tenable.com/themes/custom/tenable/img/favicons/browserconfig.xml"/><meta name="theme-color" content="#ffffff"/><link rel="canonical" href="https://www.tenable.com/cve/newest"/><link rel="alternate" hrefLang="x-default" href="https://www.tenable.com/cve/newest"/><link rel="alternate" hrefLang="en" href="https://www.tenable.com/cve/newest"/><meta name="next-head-count" content="19"/>
<link data-next-font="size-adjust" rel="preconnect" href="/" crossorigin="anonymous"/><link nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" rel="preload" href="/_next/static/css/ffa80ed36c27c549.css" as="style"/><link nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" rel="stylesheet" href="/_next/static/css/ffa80ed36c27c549.css" data-n-g=""/><noscript data-n-css="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz"></noscript><script defer="" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" nomodule="" src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="/_next/static/chunks/webpack-a707e99c69361791.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/framework-b0ec748c7a4c483a.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/main-dbb03be72fb978ea.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/pages/_app-db8f48fde056b518.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/chunks/pages/cve/newest-964fa647e3d4d899.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script src="/_next/static/l4vcnKDxIXiOkUtvMoFnX/_buildManifest.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script><script 
src="/_next/static/l4vcnKDxIXiOkUtvMoFnX/_ssgManifest.js" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz" defer=""></script></head><body data-base-url="https://www.tenable.com" data-ga4-tracking-id=""><div id="__next"><div class="app__wrapper"><div class="app__container"><div class="app__content"><div class="row"><div class="col-12 col-md-9 col-xl-10">
<h1 class="mb-3 h2">Newest CVEs</h1><div class="card"><div class="p-3 card-body"><nav class="" aria-label="pagination"><ul class="justify-content-between pagination pagination"><li class="page-item disabled"><a class="page-link page-previous" href="https://www.tenable.com/cve/newest?page=0">‹‹ <!-- -->Previous<span class="sr-only"> <!-- -->Previous</span></a></li><li class="page-item disabled"><a class="page-link page-text">Page 1 of 5447<!-- --> <span class="d-none d-sm-inline">• <!-- -->272341 Total</span></a></li><li class="page-item"><a class="page-link page-next" href="https://www.tenable.com/cve/newest?page=2"><span class="sr-only">Next</span>Next<!-- --> ››</a></li></ul></nav><div class="overflow-auto"><div class="table-responsive"><table class="results-table table"><thead><tr><th>ID</th><th>Description</th><th>Severity</th></tr></thead><tbody><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53855">CVE-2024-53855</a></td><td>Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. 
Users with the following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not a part of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not a part of. 3. `view_ticket_request` permission can view request tickets from organizations they are not a part of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not a part of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a "ticket type" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users, which would alleviate this vulnerability; if this is deemed not viable, upgrading is recommended.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53264">CVE-2024-53264</a></td><td>bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). An open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page to redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-47181">CVE-2024-47181</a></td><td>Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet contains an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but a fix will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-41126">CVE-2024-41126</a></td><td>Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. 
A workaround is to disable the SNMP module in the Contiki-NG build configuration.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-41125">CVE-2024-41125</a></td><td>Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2023-29001">CVE-2023-29001</a></td><td>Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. 
Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-9369">CVE-2024-9369</a></td><td>Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-7025">CVE-2024-7025</a></td><td>Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53254">CVE-2024-53254</a></td><td>Rejected reason: This CVE is a duplicate of another CVE.</td><td><h6 class="my-1"><span class="badge badge-secondary">No Score</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11160">CVE-2024-11160</a></td><td>Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. 
Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.</td><td><h6 class="my-1"><span class="badge badge-secondary">No Score</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-54004">CVE-2024-54004</a></td><td>Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-54003">CVE-2024-54003</a></td><td>Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-51228">CVE-2024-51228</a></td><td>An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-37816">CVE-2024-37816</a></td><td>Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-31976">CVE-2024-31976</a></td><td>EnGenius EWS356-FIR 1.1.30 and earlier devices 
allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-21703">CVE-2024-21703</a></td><td>This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). 
This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11860">CVE-2024-11860</a></td><td>A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53920">CVE-2024-53920</a></td><td>In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. 
(This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-52951">CVE-2024-52951</a></td><td>Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-46055">CVE-2024-46055</a></td><td>OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-46054">CVE-2024-46054</a></td><td>OpenVidReview 1.0 is vulnerable to Incorrect Access Control. 
The /upload route is accessible without authentication, allowing any user to upload files.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11862">CVE-2024-11862</a></td><td>Non-constant-time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attack</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53635">CVE-2024-53635</a></td><td>A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53604">CVE-2024-53604</a></td><td>A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53603">CVE-2024-53603</a></td><td>A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-36464">CVE-2024-36464</a></td><td>When exporting media types, the password is exported in the YAML in 
plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42333">CVE-2024-42333</a></td><td>The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42332">CVE-2024-42332</a></td><td>The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42331">CVE-2024-42331</a></td><td>In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42330">CVE-2024-42330</a></td><td>The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. 
The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42329">CVE-2024-42329</a></td><td>The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42328">CVE-2024-42328</a></td><td>When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42327">CVE-2024-42327</a></td><td>A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. 
An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-42326">CVE-2024-42326</a></td><td>A use-after-free bug was discovered in browser.c in the es_browser_get_variant function.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-36468">CVE-2024-36468</a></td><td>The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.</td><td><h6 class="my-1"><span class="badge badge-low">low</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11009">CVE-2024-11009</a></td><td>The Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11025">CVE-2024-11025</a></td><td>An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-10521">CVE-2024-10521</a></td><td>The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. 
This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-52323">CVE-2024-52323</a></td><td>Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11667">CVE-2024-11667</a></td><td>A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-36467">CVE-2024-36467</a></td><td>An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.</td><td><h6 class="my-1"><span class="badge badge-high">high</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-10895">CVE-2024-10895</a></td><td>The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, 
and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-10580">CVE-2024-10580</a></td><td>The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-10175">CVE-2024-10175</a></td><td>The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-52959">CVE-2024-52959</a></td><td>An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-52958">CVE-2024-52958</a></td><td>An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11219">CVE-2024-11219</a></td><td>The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-11083">CVE-2024-11083</a></td><td>The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. 
This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-5921">CVE-2024-5921</a></td><td>An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.</td><td><h6 class="my-1"><span class="badge badge-medium">medium</span></h6></td></tr><tr><td class="cve-id"><a href="https://www.tenable.com/cve/CVE-2024-53676">CVE-2024-53676</a></td><td>A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.</td><td><h6 class="my-1"><span class="badge badge-critical">critical</span></h6></td></tr></tbody></table></div></div>
</div></div></div></div></div></div><div class="Toastify"></div></div></div><script id="__NEXT_DATA__" type="application/json" nonce="nonce-OGEyZGMwMmItNDdiYy00ZGI1LTljYjktOTMxNzk1NzY1ZDIz">{"props":{"pageProps":{"cves":[{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53855","_score":null,"_source":{"cvss2_severity":"Low","description":"Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. 
`view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a \"ticket type\" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended.","publication_date":"2024-11-27T19:15:33","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-53855","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732734933000,"CVE-2024-53855"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53264","_score":null,"_source":{"cvss2_severity":"Medium","description":"bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the \"next\" parameter. The loading endpoint accepts and uses an unvalidated \"next\" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.","publication_date":"2024-11-27T19:15:33","cvss3_severity":"Medium","cvss4_severity":"Medium","public_display":"CVE-2024-53264","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":"Medium","severity":"Medium"},"sort":[1732734933000,"CVE-2024-53264"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-47181","_score":null,"_source":{"cvss2_severity":"High","description":"Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release.","publication_date":"2024-11-27T19:15:33","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-47181","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732734933000,"CVE-2024-47181"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-41126","_score":null,"_source":{"cvss2_severity":"Medium","description":"Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. 
The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration.","publication_date":"2024-11-27T19:15:33","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-41126","cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732734933000,"CVE-2024-41126"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-41125","_score":null,"_source":{"cvss2_severity":"Medium","description":"Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. 
A workaround is to disable the SNMP module in the Contiki-NG build configuration.","publication_date":"2024-11-27T19:15:32","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-41125","cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732734932000,"CVE-2024-41125"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2023-29001","_score":null,"_source":{"cvss2_severity":"Medium","description":"Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. 
There are no known workarounds for this vulnerability.","publication_date":"2024-11-27T19:15:31","cvss3_severity":"Critical","cvss4_severity":"High","public_display":"CVE-2023-29001","cvssV2Severity":"Medium","cvssV3Severity":"Critical","cvssV4Severity":"High","severity":"High"},"sort":[1732734931000,"CVE-2023-29001"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-9369","_score":null,"_source":{"cvss2_severity":"Medium","description":"Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)","publication_date":"2024-11-27T18:15:18","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-9369","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732731318000,"CVE-2024-9369"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-7025","_score":null,"_source":{"cvss2_severity":"Medium","description":"Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
(Chromium security severity: High)","publication_date":"2024-11-27T18:15:18","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-7025","cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732731318000,"CVE-2024-7025"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53254","_score":null,"_source":{"cvss2_severity":null,"description":"Rejected reason: This CVE is a duplicate of another CVE.","publication_date":"2024-11-27T18:15:18","cvss3_severity":null,"cvss4_severity":null,"public_display":"CVE-2024-53254","cvssV2Severity":null,"cvssV3Severity":null,"cvssV4Severity":null,"severity":null},"sort":[1732731318000,"CVE-2024-53254"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11160","_score":null,"_source":{"cvss2_severity":null,"description":"Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.","publication_date":"2024-11-27T18:15:08","cvss3_severity":null,"cvss4_severity":null,"public_display":"CVE-2024-11160","cvssV2Severity":null,"cvssV3Severity":null,"cvssV4Severity":null,"severity":null},"sort":[1732731308000,"CVE-2024-11160"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-54004","_score":null,"_source":{"cvss2_severity":"Medium","description":"Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file 
system.","publication_date":"2024-11-27T17:15:15","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-54004","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732727715000,"CVE-2024-54004"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-54003","_score":null,"_source":{"cvss2_severity":"High","description":"Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission.","publication_date":"2024-11-27T17:15:15","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-54003","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732727715000,"CVE-2024-54003"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-51228","_score":null,"_source":{"cvss2_severity":"High","description":"An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component.","publication_date":"2024-11-27T17:15:12","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-51228","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732727712000,"CVE-2024-51228"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-37816","_score":null,"_source":{"cvss2_severity":"High","description":"Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack 
overflow.","publication_date":"2024-11-27T17:15:11","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-37816","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732727711000,"CVE-2024-37816"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-31976","_score":null,"_source":{"cvss2_severity":"Critical","description":"EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter.","publication_date":"2024-11-27T17:15:10","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-31976","cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732727710000,"CVE-2024-31976"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-21703","_score":null,"_source":{"cvss2_severity":"Medium","description":"This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. 
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot.","publication_date":"2024-11-27T17:15:10","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-21703","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732727710000,"CVE-2024-21703"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11860","_score":null,"_source":{"cvss2_severity":"Medium","description":"A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. 
The exploit has been disclosed to the public and may be used.","publication_date":"2024-11-27T17:15:10","cvss3_severity":"Medium","cvss4_severity":"Medium","public_display":"CVE-2024-11860","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":"Medium","severity":"Medium"},"sort":[1732727710000,"CVE-2024-11860"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53920","_score":null,"_source":{"cvss2_severity":"High","description":"In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.)","publication_date":"2024-11-27T15:15:26","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-53920","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732720526000,"CVE-2024-53920"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-52951","_score":null,"_source":{"cvss2_severity":"Low","description":"Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History","publication_date":"2024-11-27T15:15:26","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-52951","cvssV2Severity":"Low","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732720526000,"CVE-2024-52951"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-46055","_score":null,"_source":{"cvss2_severity":"Medium","description":"OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review 
names.","publication_date":"2024-11-27T15:15:26","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-46055","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732720526000,"CVE-2024-46055"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-46054","_score":null,"_source":{"cvss2_severity":"High","description":"OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files.","publication_date":"2024-11-27T15:15:26","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-46054","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732720526000,"CVE-2024-46054"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11862","_score":null,"_source":{"cvss2_severity":"Medium","description":"Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks","publication_date":"2024-11-27T15:15:25","cvss3_severity":"Medium","cvss4_severity":"Medium","public_display":"CVE-2024-11862","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":"Medium","severity":"Medium"},"sort":[1732720525000,"CVE-2024-11862"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53635","_score":null,"_source":{"cvss2_severity":"Medium","description":"A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request 
parameter.","publication_date":"2024-11-27T14:15:19","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-53635","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732716919000,"CVE-2024-53635"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53604","_score":null,"_source":{"cvss2_severity":"High","description":"A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.","publication_date":"2024-11-27T14:15:19","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-53604","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732716919000,"CVE-2024-53604"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53603","_score":null,"_source":{"cvss2_severity":"High","description":"A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.","publication_date":"2024-11-27T14:15:18","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-53603","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732716918000,"CVE-2024-53603"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-36464","_score":null,"_source":{"cvss2_severity":"Low","description":"When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. 
The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords.","publication_date":"2024-11-27T14:15:17","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-36464","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732716917000,"CVE-2024-36464"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42333","_score":null,"_source":{"cvss2_severity":"Low","description":"The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c","publication_date":"2024-11-27T12:15:21","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-42333","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709721000,"CVE-2024-42333"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42332","_score":null,"_source":{"cvss2_severity":"Low","description":"The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host.","publication_date":"2024-11-27T12:15:21","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-42332","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709721000,"CVE-2024-42332"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42331","_score":null,"_source":{"cvss2_severity":"Low","description":"In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. 
This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd-\u003ebrowser heap pointer is freed by garbage collection.","publication_date":"2024-11-27T12:15:21","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-42331","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709721000,"CVE-2024-42331"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42330","_score":null,"_source":{"cvss2_severity":"High","description":"The HttpRequest object allows getting the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows the creation of internal strings that can be used to access hidden properties of objects.","publication_date":"2024-11-27T12:15:21","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-42330","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732709721000,"CVE-2024-42330"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42329","_score":null,"_source":{"cvss2_severity":"Low","description":"The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. 
But this function can fail for various reasons without an error description and then the wd-\u003eerror will be NULL and trying to read from it will result in a crash.","publication_date":"2024-11-27T12:15:20","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-42329","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709720000,"CVE-2024-42329"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42328","_score":null,"_source":{"cvss2_severity":"Low","description":"When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd-\u003edata in the code below will remain NULL and an attempt to read from it will result in a crash.","publication_date":"2024-11-27T12:15:20","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-42328","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709720000,"CVE-2024-42328"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42327","_score":null,"_source":{"cvss2_severity":"High","description":"A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. 
An SQLi exists in the CUser class in the addRelatedObjects function; this function is called from the CUser.get function, which is available to every user who has API access.","publication_date":"2024-11-27T12:15:20","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-42327","cvssV2Severity":"High","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732709720000,"CVE-2024-42327"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-42326","_score":null,"_source":{"cvss2_severity":"Low","description":"A use-after-free bug was discovered in browser.c in the es_browser_get_variant function","publication_date":"2024-11-27T12:15:20","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-42326","cvssV2Severity":"Low","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732709720000,"CVE-2024-42326"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-36468","_score":null,"_source":{"cvss2_severity":"Low","description":"The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. 
This issue occurs when copying data from session-\u003esecurityEngineID to local_record.engineid without proper bounds checking.","publication_date":"2024-11-27T12:15:20","cvss3_severity":"Low","cvss4_severity":null,"public_display":"CVE-2024-36468","cvssV2Severity":"Low","cvssV3Severity":"Low","cvssV4Severity":null,"severity":"Low"},"sort":[1732709720000,"CVE-2024-36468"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11009","_score":null,"_source":{"cvss2_severity":"Medium","description":"The Internal Linking for SEO traffic \u0026 Ranking – Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘post_id’ parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","publication_date":"2024-11-27T12:15:19","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-11009","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732709719000,"CVE-2024-11009"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11025","_score":null,"_source":{"cvss2_severity":"Medium","description":"An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the 
device.","publication_date":"2024-11-27T11:17:41","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-11025","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732706261000,"CVE-2024-11025"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-10521","_score":null,"_source":{"cvss2_severity":"Medium","description":"The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","publication_date":"2024-11-27T11:15:16","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-10521","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732706116000,"CVE-2024-10521"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-52323","_score":null,"_source":{"cvss2_severity":"High","description":"Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.","publication_date":"2024-11-27T10:15:05","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-52323","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732702505000,"CVE-2024-52323"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11667","_score":null,"_source":{"cvss2_severity":"High","description":"A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 
50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.","publication_date":"2024-11-27T10:15:04","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-11667","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732702504000,"CVE-2024-11667"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-36467","_score":null,"_source":{"cvss2_severity":"High","description":"An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.","publication_date":"2024-11-27T07:15:09","cvss3_severity":"High","cvss4_severity":null,"public_display":"CVE-2024-36467","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":null,"severity":"High"},"sort":[1732691709000,"CVE-2024-36467"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-10895","_score":null,"_source":{"cvss2_severity":"Medium","description":"The Counter Up – Animated Number Counter \u0026 Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","publication_date":"2024-11-27T07:15:08","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-10895","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732691708000,"CVE-2024-10895"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-10580","_score":null,"_source":{"cvss2_severity":"Medium","description":"The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.","publication_date":"2024-11-27T07:15:07","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-10580","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732691707000,"CVE-2024-10580"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-10175","_score":null,"_source":{"cvss2_severity":"Medium","description":"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","publication_date":"2024-11-27T07:15:07","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-10175","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732691707000,"CVE-2024-10175"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-52959","_score":null,"_source":{"cvss2_severity":"Medium","description":"An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to execute arbitrary system commands via a DLL file.","publication_date":"2024-11-27T06:15:19","cvss3_severity":"High","cvss4_severity":"Critical","public_display":"CVE-2024-52959","cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":"Critical","severity":"Critical"},"sort":[1732688119000,"CVE-2024-52959"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-52958","_score":null,"_source":{"cvss2_severity":"Medium","description":"An improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via the upload plugin function.","publication_date":"2024-11-27T06:15:18","cvss3_severity":"High","cvss4_severity":"Critical","public_display":"CVE-2024-52958","cvssV2Severity":"Medium","cvssV3Severity":"High","cvssV4Severity":"Critical","severity":"Critical"},"sort":[1732688118000,"CVE-2024-52958"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11219","_score":null,"_source":{"cvss2_severity":"Medium","description":"The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor \u0026 FSE plugin for WordPress is vulnerable to Path 
Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.","publication_date":"2024-11-27T06:15:18","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-11219","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732688118000,"CVE-2024-11219"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-11083","_score":null,"_source":{"cvss2_severity":"Medium","description":"The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","publication_date":"2024-11-27T06:15:17","cvss3_severity":"Medium","cvss4_severity":null,"public_display":"CVE-2024-11083","cvssV2Severity":"Medium","cvssV3Severity":"Medium","cvssV4Severity":null,"severity":"Medium"},"sort":[1732688117000,"CVE-2024-11083"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-5921","_score":null,"_source":{"cvss2_severity":"High","description":"An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. 
Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories.","publication_date":"2024-11-27T04:15:14","cvss3_severity":"High","cvss4_severity":"Medium","public_display":"CVE-2024-5921","cvssV2Severity":"High","cvssV3Severity":"High","cvssV4Severity":"Medium","severity":"Medium"},"sort":[1732680914000,"CVE-2024-5921"]},{"_index":"1730212697359_cve","_type":"_doc","_id":"CVE-2024-53676","_score":null,"_source":{"cvss2_severity":"Critical","description":"A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution.","publication_date":"2024-11-27T01:15:05","cvss3_severity":"Critical","cvss4_severity":null,"public_display":"CVE-2024-53676","cvssV2Severity":"Critical","cvssV3Severity":"Critical","cvssV4Severity":null,"severity":"Critical"},"sort":[1732670105000,"CVE-2024-53676"]}],"total":272341,"page":1,"apiUrl":"https://www.tenable.com/cve/api/v1?sort=newest\u0026page=1"},"cookies":{},"user":null,"flash":null,"env":{"baseUrl":"https://www.tenable.com","host":"www.tenable.com","ga4TrackingId":""},"isUnsupportedBrowser":true,"__N_SSP":true},"page":"/cve/newest","query":{},"buildId":"l4vcnKDxIXiOkUtvMoFnX","isFallback":false,"isExperimentalCompile":false,"gssp":true,"appGip":true,"locale":"en","locales":["en","de","es","fr","ja","ko","zh-CN","zh-TW"],"defaultLocale":"en","domainLocales":[{"domain":"www.tenable.com","defaultLocale":"en"},{"domain":"de.tenable.com","defaultLocale":"de"},{"domain":"es-la.tenable.com","defaultLocale":"es"},{"domain":"fr.tenable.com","defaultLocale":"fr"},{"domain":"jp.tenable.com","defaultLocale":"ja"},{"domain":"kr.tenable.com","defaultLocale":"ko"},{"domain":"www.tenablecloud.cn","defaultLocale":"zh-CN"},{"domain":"zh-tw.tenable.com","defaultLocale":"zh-TW"}],"scriptLoader":[]}</script></body></html>