4.3
CVE-2024-3893 - Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization…
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authentica…
6.4
CVE-2024-3988 - Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Element…
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insuf…
6.4
CVE-2024-3929 - Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shor…
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and o…
7.6
CVE-2024-4173 - SANnav exposes Kafka on the WAN interface.
A vulnerability in Brocade SANnav exposes Kafka on the WAN interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DoS against the Brocade SANnav.
6.8
CVE-2024-2907 - AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
8.6
CVE-2024-4161 - Syslog traffic sent in clear-text
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic is received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.
4.3
CVE-2024-4159 - Protection mechanisms
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
5.3
CVE-2024-33664 - python-jose: allows attackers to cause a denial of service
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
3.5
CVE-2024-32236 -
An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.
9.1
CVE-2024-33661 -
Portainer before 2.20.0 allows redirects when the target is not index.yaml.