7.8
CVE-2024-47414 - Animate | Use After Free (CWE-416)
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-47418 - Animate | Use After Free (CWE-416)
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-47411 - Animate | Access of Uninitialized Pointer (CWE-824)
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-47412 - Animate | Use After Free (CWE-416)
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-45146 - Dimension | Use After Free (CWE-416)
Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2024-45150 - Dimension | Out-of-bounds Write (CWE-787)
Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2024-20787 - Substance3D - Painter | Out-of-bounds Read (CWE-125)
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a vβ¦
6.4
CVE-2024-9451 - Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height andβ¦
The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributorβ¦
2.9
CVE-2024-39586 -
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
6.4
CVE-2024-9449 - Auto iFrame <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter
The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to β¦