6.3
CVE-2024-3719 - Campcodes House Rental Management System ajax.php sql injection
A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosedโฆ
4.3
CVE-2024-3662 - WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) โฆ
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level accโฆ
4.4
CVE-2023-6494 - WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scโฆ
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administratoโฆ
5.4
CVE-2024-2583 - Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
The WP Shortcodes Plugin โ Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.
6.4
CVE-2024-3027 - Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload โฆ
6.4
CVE-2024-1957 - GiveWP โ Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Crโฆ
The GiveWP โ Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makโฆ
5.5
CVE-2024-26817 - amdkfd: use calloc instead of kzalloc to avoid integer overflow
In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.
8.6
CVE-2024-32487 - less: OS command injection
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESโฆ
4.1
CVE-2024-32028 - Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumenโฆ
6.3
CVE-2024-31462 - Limited file write in Stable-diffusion-webui - GHSL-2024-010
stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_saveโฆ