7.9
CVE-2024-8038 -
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
6.5
CVE-2024-8037 -
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a β¦
6.5
CVE-2024-35294 - Schneider Elektronik Series 700 prone to missing authentication for traffic capture function
An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials.
8.7
CVE-2024-7558 -
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user accesβ¦
9.1
CVE-2024-35293 - Schneider Elektronik Series 700 prone to missing authentication for critical reset function
An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS.
6.4
CVE-2024-8505 - WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Sitβ¦
The WordPress Infinite Scroll β Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βbutton_labelβ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackerβ¦
6.4
CVE-2024-8282 - Ibtana β WordPress Website Builder <= 1.2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scriβ¦
The Ibtana β WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βalignβ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This β¦
0.0
CVE-2024-44017 - WordPress MH Board plugin <= 1.3.2.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board mh-board allows PHP Local File Inclusion.This issue affects MH Board: from n/a through <= 1.3.2.1.
0.0
CVE-2024-44030 - WordPress Checkout Mestres WP plugin <= 8.6 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Absolute Path Traversal.This issue affects Checkout Mestres WP: from n/a through <= 8.6.
6.1
CVE-2024-9218 - Magazine Blocks β Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocβ¦
The Magazine Blocks β Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3β¦