5.3
CVE-2024-10655 - Tongda OA 2017 new.php sql injection
A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed β¦
9.8
CVE-2024-7456 - SQL Injection in lunary-ai/lunary
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation β¦
6.9
CVE-2024-10654 - TOTOLINK LR350 formLoginAuth.htm authorization
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launcβ¦
6.4
CVE-2024-10367 - Otter Blocks β Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.4 - Authenticated (β¦
The Otter Blocks β Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possibleβ¦
7.2
CVE-2024-10653 - CHANGING Information Technology IDExpert - OS Command Injection
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.
6.1
CVE-2024-10652 - CHANGING Information Technology IDExpert - Reflected XSS
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.
4.9
CVE-2024-10651 - CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
6.4
CVE-2024-10232 - AtomChat <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via atomchat Shortcode
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible foβ¦
6.4
CVE-2024-9655 - Gutenberg Blocks with AI by Kadence WP β Page Builder Features <= 3.3.1 - Authenticated (Contributoβ¦
The Gutenberg Blocks with AI by Kadence WP β Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This β¦
5.4
CVE-2024-7424 - Multiple Page Generator Plugin β MPG <= 4.0.1 - Missing Authorization
The Multiple Page Generator Plugin β MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-leveβ¦