CVE-2024-39565: JUNIPER NETWORKS JUNOS OS UP TO 23.4R1-S1 J-WEB XPATH INJECTION
Description An Improper Neutralization of Data within XPath Expressions (‘XPath Injection’) vulnerability in J-Web shipped with Juniper Networks Junos OS
Description The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,
Description EVerest is an EV charging software stack. An integer overflow in the “v2g_incoming_v2gtp” function in the v2g_server.cpp implementation can
Description Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover
Description Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member
Description Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8.0.4 through 9.0.0. References https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-july-9-2024-jasperreports-server-cve-2024-3325-r4/
Description ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all
Description A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file
Description Incorrect permissions on the Checkmk Windows Agent’s data directory in Checkmk < 2.3.0p8, < 2.2.0p29, < 2.1.0p45, and
Description Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project
Description An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read, delete and change data. References https://cert.vde.com/en/advisories/VDE-2024-038
Description In the Linux kernel, the following vulnerability has been resolved: crypto: qat – Fix ADF_DEV_RESET_SYNC memory leak Using completion_done
Description The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in
Description An issue in ifood Order Manager v3.35.5 ‘Gestor de Peddios.exe’ allows attackers to execute arbitrary code via a DLL
Description Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could
Description All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to
Description All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling
Description All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object
Description IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the
Description In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of
Description In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill
Description ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. References https://zkteco.eu/downloads/zkbio-cvsecurity-installation-files https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2024-36526.md
Description SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote