7.8
CVE-2024-8590 - Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2024-8589 - Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2024-8588 - Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
7.8
CVE-2024-8587 - Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
8.8
CVE-2024-50455 - WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through <= 8.1.1.
8.8
CVE-2024-50456 - WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Benjamin Denis SEOPress wp-seopress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through <= 8.1.1.
9.8
CVE-2024-50459 - WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hossni Mubarak AidWP wp-stripe-donation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AidWP: from n/a through <= 3.2.3.
4.3
CVE-2024-50466 - WordPress DarkMySite – Advanced Dark Mode Plugin for WordPress plugin <= 1.2.8 - Cross Site Request…
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8.
9.8
CVE-2024-9989 - Crypto <= 2.18 - Authentication Bypass via log_in
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated a…
8.8
CVE-2024-9990 - Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on th…