7.3
CVE-2024-31220 - Sunshine vulnerable to remote unauthenticated arbitrary file read
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface ouβ¦
9.8
CVE-2024-31218 - Missing Authentication for Critical Function in Webhood backend
Webhood is a self-hosted URL scanner used analyzing phishing and malicious sites. Webhood's backend container images in versions 0.9.0 and earlier are subject to Missing Authentication for Critical Function vulnerability. This vulnerability allows an unauthenticated attacker to send a HTTP request β¦
3.5
CVE-2024-31213 - InstantCMS Open Redirect vulnerability
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on tβ¦
4.6
CVE-2024-2380 - XSS in graph rendering
Stored XSS in graph rendering in Checkmk <2.3.0b4.
6.4
CVE-2024-2499 - Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scβ¦
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possβ¦
5.3
CVE-2023-5692 - WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
8.8
CVE-2023-6523 - IDOR in ExtremePacs's Extreme XDS
Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse.This issue affects Extreme XDS: before 3914.
7.2
CVE-2023-6522 - Information Disclosure in ExtremePacs's Extreme XDS
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3914.
6.5
CVE-2024-2447 -
Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.
4.7
CVE-2024-29221 - Invite ID available to team admins even without the "Add Members" permission
Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the `/api/v4/users/me/teams` endpointΒ allowingΒ a team admin to get the invite ID of their team, thus allowing them to invite users, eβ¦