8.8
CVE-2024-3516 -
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
8.1
CVE-2024-3157 -
Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)
6.8
CVE-2024-31464 - XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's β¦
5.3
CVE-2024-31242 - WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.
5.3
CVE-2024-31230 - WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2.
4.3
CVE-2024-31943 - WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulneraβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce β Live Rates.This issue affects USPS Shipping for WooCommerce β Live Rates: from n/a through 1.9.2.
4.3
CVE-2024-31944 - WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping β Live Rates and Access Points.This issue affects WooCommerce UPS Shipping β Live Rates and Access Points: from n/a through 2.2.4.
9.1
CVE-2024-31461 - Plane Server-Side Request Forgery (SSRF) Vulnerability
Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. Tβ¦
9.7
CVE-2024-31214 - Traccar's unrestricted file upload vulnerability in device image upload could lead to remote code eβ¦
Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extensiβ¦
5.4
CVE-2024-3570 - Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to β¦