CVSS: 6.1EPSS: %CPEs: 1EXPL: 0CVE-2024-13668 – WordPress Activity-o-meter <= 1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-13668
04 Feb 2025 — The WordPress Activity-o-meter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48706
https://notcve.org/view.php?id=CVE-2024-48706
22 Oct 2024 — Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. • https://github.com/anoncoder01/Collabtive_StoredXSS/blob/master/vulnerabilities/XSS2.md •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48707
https://notcve.org/view.php?id=CVE-2024-48707
22 Oct 2024 — Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. • https://github.com/anoncoder01/Collabtive_StoredXSS/blob/master/vulnerabilities/XSS3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48708
https://notcve.org/view.php?id=CVE-2024-48708
22 Oct 2024 — Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. • https://github.com/anoncoder01/Collabtive_StoredXSS/blob/master/vulnerabilities/XSS4.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6654 – Denial of Service vulnerability in ESET products for macOS
https://notcve.org/view.php?id=CVE-2024-6654
27 Sep 2024 — Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused to disable the protection of the ESET security product and cause general system slow-down. Los productos para macOS permiten que un usuario conectado al sistema realice un ataque de denegación de servicio, que podría usarse indebidamente para deshabilitar la protección del producto de seguridad de ESET y provocar una ralentización general del sistema. Products for macOS enables a user logg... • https://support.eset.com/en/ca8725-local-privilege-escalation-vulnerability-in-eset-products-for-macos-fixed • CWE-377: Insecure Temporary File •
CVSS: 8.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-7400 – Local privilege escalation in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-7400
27 Sep 2024 — The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so. • https://support.eset.com/en/ca8726-local-privilege-escalation-fixed-for-vulnerability-during-detected-file-removal-in-eset-products-for-windows • CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-3779 – Denial of Service in ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-3779
16 Jul 2024 — Denial of service vulnerability present shortly after product installation or upgrade, potentially allowed an attacker to render ESET’s security product inoperable, provided non-default preconditions were met. • https://support.eset.com/en/ca8688 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-2003 – Local Privilege Escalation in Quarantine of ESET products for Windows
https://notcve.org/view.php?id=CVE-2024-2003
21 Jun 2024 — Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage thi... • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5961 – Reflected XSS in 2ClickPortal
https://notcve.org/view.php?id=CVE-2024-5961
14 Jun 2024 — Improper neutralization of input during web page generation vulnerability in 2ClickPortal software allows reflected cross-site scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects 2ClickPortal software versions from 7.2.31 through 7.6.4. La neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web en el software 2ClickPortal permite cross-site scripting (XSS) reflejado. Un at... • https://github.com/kac89/CVE-2024-5961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34473
https://notcve.org/view.php?id=CVE-2024-34473
04 May 2024 — An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. Se descubrió un problema en appmgr en O-RAN Near-RT RIC I-Release. Un atacante podría registrar un tipo de mensaje RMR no deseado durante el registro de xApp para interrumpir otros componentes del servicio. • https://jira.o-ran-sc.org/browse/RIC-1055 •