7.5

CVSS3.1

CVE-2024-3475 - Sticky Buttons < 3.2.4 - Button Deletion via CSRF

The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

πŸ“… Published: May 2, 2024, 6 a.m. πŸ”„ Last Modified: May 8, 2025, 5:52 p.m.

8.8

CVSS3.1

CVE-2024-3474 - Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF

The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks

πŸ“… Published: May 2, 2024, 6 a.m. πŸ”„ Last Modified: March 25, 2025, 2:15 p.m.

5.9

CVSS3.1

CVE-2024-3472 - Modal Window < 5.3.10 - Modal Deletion via CSRF

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

πŸ“… Published: May 2, 2024, 6 a.m. πŸ”„ Last Modified: May 8, 2025, 6:45 p.m.

3.4

CVSS3.1

CVE-2024-3471 - Button Generator < 3.0 - Button Deletion via CSRF

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack

πŸ“… Published: May 2, 2024, 6 a.m. πŸ”„ Last Modified: May 8, 2025, 6:45 p.m.

4.5

CVSS3.1

CVE-2024-2405 - Float menu < 6.0.1 - Menu Deletion via CSRF

The Float menu WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.

πŸ“… Published: May 2, 2024, 6 a.m. πŸ”„ Last Modified: May 8, 2025, 6:43 p.m.

8.8

CVSS3.1

CVE-2024-33871 - ghostscript: OPVP device arbitrary code execution via custom Driver library

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dy…

πŸ“… Published: May 2, 2024, midnight πŸ”„ Last Modified: April 16, 2025, 7:14 p.m.

6.9

CVSS3.1

CVE-2024-32359 -

An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.

πŸ“… Published: May 2, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.2

CVSS3.1

CVE-2024-31965 -

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validatio…

πŸ“… Published: May 2, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.7

CVSS3.1

CVE-2024-29309 -

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service.

πŸ“… Published: May 2, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2024-33394 -

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

πŸ“… Published: May 2, 2024, midnight πŸ”„ Last Modified: July 7, 2025, 3:40 p.m.
Total resulsts: 349182
Page 10092 of 34,919
Β« previous page Β» next page
Filters