6.9
CVE-2024-49767 - Werkzeug possible resource exhaustion when parsing file data in forms
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effectiv…
0.0
CVE-2024-10398 -
This CVE id was assigned but later discarded.
6.3
CVE-2024-49766 - Werkzeug safe_join not safe on Windows
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. App…
5.4
CVE-2024-9584 - Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Upd…
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above,…
6.4
CVE-2024-9585 - Image Map Pro <= 6.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…
8.7
CVE-2024-10387 - Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.
9.3
CVE-2024-10386 - Rockwell Automation FactoryTalk ThinManager Authentication Vulnerability
CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation.
4.6
CVE-2024-8036 - Unauthorized Modifications of Firmware and Configuration
ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker to …
0.0
CVE-2024-10391 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2024-49757 - Zitadel User Registration Bypass Vulnerability
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the regist…