7.1
CVE-2024-47651 - Parameter Pollution Vulnerability
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by including multiple “userid” parameters in the API request body leading to unauthorized access of sensitive i…
8.2
CVE-2024-6400 - Cleartext Storage of Username and Password in Finrota's Netahsilat
Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in versi…
6.4
CVE-2024-9271 - Re:WP <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject …
6.4
CVE-2024-9071 - Easy Demo Importer – A Modern One-Click Demo Import Solution <= 1.1.2 - Authenticated (Author+) Sto…
The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at…
6.1
CVE-2024-9435 - ShiftController Employee Shift Scheduling <= 4.9.66 - Reflected Cross-Site Scripting
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arb…
4.4
CVE-2024-9306 - WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission…
6.3
CVE-2024-6444 - Bluetooth: ots: missing buffer length check
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
6.3
CVE-2024-6443 - zephyr: out-of-bound read in utf8_trunc
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
6.3
CVE-2024-6442 - Bluetooth: ASCS Unchecked tailroom of the response buffer
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
6.4
CVE-2024-9242 - Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on …