6.3
CVE-2024-54132 - GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversa…
The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`. This vulnerability stems from a …
8.8
CVE-2024-11643 - Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbi…
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for au…
8.3
CVE-2024-54134 - @solana/web3.js modified package published to npm, containing malware that exfiltrates private key …
A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, …
5.4
CVE-2024-40745 - Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for…
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.
9.8
CVE-2024-40744 - Extension - tassos.gr - Unrestricted file upload in Convert Forms component for Joomla < 4.4.8
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
0.0
CVE-2024-12161 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
2.3
CVE-2024-12056 - Client Secret not checked with OAuth Password grant type
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit t…
8.8
CVE-2024-51465 - IBM App Connect Enterprise Certified Container command execution
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
5.3
CVE-2024-7488 - Business Logic Error in RestApp Inc.'s Online Ordering System
Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1.
0.0
CVE-2024-12154 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.