6.5
CVE-2024-8237 - Inefficient Algorithmic Complexity in GitLab
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.
4.2
CVE-2024-11668 - Insufficient Session Expiration in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results.
8.1
CVE-2024-32965 - ssrf vulnerability in lobe-chat
Lobe Chat is an open-source AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-A…
7.4
CVE-2024-8676 - Cri-o: checkpoint restore can be triggered from different namespaces
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the p…
6.1
CVE-2024-10878 - Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attack…
6.9
CVE-2024-11407 - Denial of Service through Data corruption in gRPC-C++
There exists a denial of service through data corruption in gRPC-C++: gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the netw…
6.5
CVE-2024-36463 -
The implementation of atob in "Zabbix JS" allows an attacker to create a string with arbitrary content and use it to access internal properties of objects.
2.2
CVE-2024-22117 - Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs i…
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelem…
6.4
CVE-2024-8236 - Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) …
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible …
7.2
CVE-2024-9461 - Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible fo…