6.7

CVSS3.1

CVE-2024-12570 - Privilege Context Switching Error in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

πŸ“… Published: Dec. 12, 2024, 11:30 a.m. πŸ”„ Last Modified: July 11, 2025, 8:21 p.m.

4

CVSS3.1

CVE-2024-12292 - Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

πŸ“… Published: Dec. 12, 2024, 11:30 a.m. πŸ”„ Last Modified: July 11, 2025, 8:33 p.m.

6.2

CVSS3.1

CVE-2024-54100 -

Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

πŸ“… Published: Dec. 12, 2024, 11:25 a.m. πŸ”„ Last Modified: Jan. 14, 2025, 6:32 p.m.

6.7

CVSS3.1

CVE-2024-54099 -

File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

πŸ“… Published: Dec. 12, 2024, 11:23 a.m. πŸ”„ Last Modified: Sept. 18, 2025, 7:15 a.m.

8.5

CVSS3.1

CVE-2024-54098 -

Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.

πŸ“… Published: Dec. 12, 2024, 11:13 a.m. πŸ”„ Last Modified: Jan. 10, 2025, 6:32 p.m.

7.3

CVSS3.1

CVE-2024-54097 -

Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.

πŸ“… Published: Dec. 12, 2024, 11:11 a.m. πŸ”„ Last Modified: Jan. 10, 2025, 6:34 p.m.

5.3

CVSS3.1

CVE-2024-54096 -

Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.

πŸ“… Published: Dec. 12, 2024, 11:10 a.m. πŸ”„ Last Modified: Jan. 10, 2025, 6:36 p.m.

6.1

CVSS3.1

CVE-2024-12160 - Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting

The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arb…

πŸ“… Published: Dec. 12, 2024, 8:22 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-11760 - Currency Converter Widget ⚑ PRO <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Currency Converter Widget ⚑ PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This m…

πŸ“… Published: Dec. 12, 2024, 8:22 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-12333 - WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query …

πŸ“… Published: Dec. 12, 2024, 8:22 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 7502 of 34,919
Β« previous page Β» next page
Filters