6.1
CVE-2024-8790 - Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web s…
6.4
CVE-2024-8916 - Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above…
6.4
CVE-2024-9848 - Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Fil…
The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access an…
9.8
CVE-2024-10119 - SECOM WRTM326 - OS Command Injection
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.
9.8
CVE-2024-10118 - SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
9.4
CVE-2024-9264 - Grafana SQL Expressions allow for remote code execution
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or hig…
4.7
CVE-2024-10041 - Pam: libpam: libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute a ROP chain speculatively. This fla…
9.8
CVE-2024-45944 -
In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions resulting in arbitrary code execution.
0.0
CVE-2024-10115 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9884. Reason: This candidate is a reservation duplicate of CVE-2024-9884. Notes: All CVE users should reference CVE-2024-9884 instead of this candidate. All references and descriptions in this candidate have been removed to prevent…
5.9
CVE-2024-49023 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability