6.1
CVE-2024-52597 - 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o…
4.3
CVE-2024-11154 - PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - M…
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, wi…
8.8
CVE-2024-10913 - Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace'
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain i…
10
CVE-2024-9479 -
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.
10
CVE-2024-9478 -
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2.
7.5
CVE-2024-11495 - Buffer overflow in OllyDbg
Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking.
8.8
CVE-2024-52437 - WordPress Banner System plugin <= 1.0.0 - Privilege Escalation vulnerability
Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation. This issue affects Banner System: from n/a through <= 1.0.0.
6.9
CVE-2024-11406 - Stored XSS in django CMS Attributes Fields
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS. This issue affects django CMS Attributes Fields: before 4.0.
8.8
CVE-2024-52438 - WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability
Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation. This issue affects de:branding: from n/a through <= 1.0.2.
9.8
CVE-2024-52442 - WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0.