2025-08-30 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2023-41471 | n/a - n/a | Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. | CNA n/a CVSS3.1: 7.8 - HIGH | 0 1 | Exploitation: poc; Automatable: no; Technical Impact: total | n/a | github |
CVE-2020-24363 | n/a - n/a | TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | CNA n/a CVSS3.1: 8.8 - HIGH | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: total | n/a | github |
CVE-2024-44271 | Apple - macOS | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. | CNA n/a CVSS3.1: 3.3 - LOW | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2024-13342 | pluggabl - Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘add_files_to_order’ function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site’s server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present. | CVSS3.1: 8.1 - HIGH | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: total | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | github |
This post is licensed under CC BY 4.0 by the author.