6.5
CVE-2024-32024 - Kohya_ss vulenrable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023β¦
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.
6.5
CVE-2024-32023 - Kohya_ss vulnerable to path injection in `common_gui.py` `find_and_replace` function (`GHSL-2024-02β¦
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5.
5.3
CVE-2024-31451 - Limited file write in routes.py (GHSL-2023-250)
DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.
6.4
CVE-2024-30256 - Open WebUI vulnerable to server-side request forgery in utils.py
Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.
6.4
CVE-2024-3672 - BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it possiblβ¦
4.3
CVE-2024-3243 - Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Aβ¦
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access anβ¦
4.3
CVE-2024-3869 - Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Cβ¦
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
7.2
CVE-2024-3067 - WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-β¦
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possiblβ¦
6.5
CVE-2024-3367 - Argument injection to runmqsc
Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc
6.4
CVE-2024-1357 - Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Crossβ¦
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes such as thuβ¦