CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54237 – WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54237
13 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0. The Ni CRM Lead plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can success... • https://patchstack.com/database/wordpress/plugin/ni-crm-lead/vulnerability/wordpress-ni-crm-lead-plugin-1-3-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10496 – Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10496
10 Dec 2024 — An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10495 – Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10495
10 Dec 2024 — An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-10494 – Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-10494
10 Dec 2024 — An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-read-vulnerabilities-in-ni-labview-.html • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54231 – WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54231
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6. The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-order-export/vulnerability/wordpress-ni-woocommerce-order-export-plugin-3-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54236 – WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-54236
05 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5. The Ni WooCommerce Bulk Product Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-product-editor/vulnerability/wordpress-ni-woocommerce-bulk-product-editor-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54258 – WordPress Ni CRM Lead plugin <= 1.3.0 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-54258
05 Dec 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anzia Ni CRM Lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through 1.3.0. The Ni CRM Lead plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access ... • https://patchstack.com/database/wordpress/plugin/ni-crm-lead/vulnerability/wordpress-ni-crm-lead-plugin-1-3-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53783 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-53783
28 Nov 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authent... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4081 – Memory Corruption Due to Improper Length Check in NI LabVIEW
https://notcve.org/view.php?id=CVE-2024-4081
23 Jul 2024 — A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions. Un problema de corrupción de memoria debido a una verificación de longitud inadecuada en NI LabVIEW puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requiere que un atac... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4080 – Memory Corruption Due to Improper Length Checks in LabVIEW tdcore.dll
https://notcve.org/view.php?id=CVE-2024-4080
23 Jul 2024 — A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions. Un problema de corrupción de memoria debido a una verificación de longitud incorrecta en LabVIEW tdcore.dll puede revelar información o resultar en la ejecución de código arbitrario. La explotación exitosa requier... • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •