7.5
CVE-2024-53805 - WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
8.2
CVE-2024-10776 - SICK InspectorP61x and SICK InspectorP62x: missing authentication
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer.
7.3
CVE-2024-10774 - SICK InspectorP61x and SICK InspectorP62x have unauthenticated CROWN APIs
Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication.
9
CVE-2024-10773 - SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable to pass-the-hash attacks
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device.
8.8
CVE-2024-10772 - SICK InspectorP61x and SICK InspectorP62x are vulnerable to firmware modification
Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availability, integrity and confidentiality, up to the complete compromise of the device.
8.8
CVE-2024-10771 - SICK InspectorP61x, SICK InspectorP62x and SICK TiM3xx are vulnerable to remote code execution
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level "Service", an attacker can execute arbitrary system commands in the root user's context.
5.6
CVE-2024-11022 - SICK InspectorP61x and SICK InspectorP62x are vulnerable to a replay attack
The authentication process to the web server uses a challenge-response procedure which includes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable to a replay attack.
6.5
CVE-2024-11729 - KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Inje…
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied par…
6.5
CVE-2024-11730 - KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+)…
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient p…
6.3
CVE-2024-10681 - ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0…
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not proper…