Latest CVE Feed
-
6.5
MEDIUMCVE-2022-4532
The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging ... Read more
Affected Products :- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
8.5
HIGHCVE-2024-6456
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted ... Read more
Affected Products : historian- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-43367
Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain script... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
4.7
MEDIUMCVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated att... Read more
Affected Products : short_url- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
8.6
HIGHCVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42476
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with pro... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42475
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the us... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4604
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : 2j_slideshow- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2023-4730
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attack... Read more
Affected Products : ladipage- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
6.4
MEDIUMCVE-2024-7147
The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possib... Read more
Affected Products : jetblocks_for_elementor- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
6.4
MEDIUMCVE-2024-7136
The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
4.2
MEDIUMCVE-2024-7501
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI c... Read more
Affected Products : cilium- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-2175
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.9
MEDIUMCVE-2024-6098
When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource alloc... Read more
- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
10.0
CRITICALCVE-2024-6500
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for W... Read more
Affected Products :- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2024-35686
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1.... Read more
Affected Products : sensei_lms- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43306
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43284
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43244
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024