8.8
CVE-2024-40867 -
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
8.8
CVE-2024-44259 -
This issue was addressed through improved state management. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, visionOS 2.1. An attacker may be able to misuse a trust relationship to download malicious content.
10
CVE-2024-50495 - WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through <= 0.1.
10
CVE-2024-50496 - WordPress AR For WordPress plugin <= 6.6 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6.
7.5
CVE-2024-50434 - WordPress NewsCard theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard.This issue affects NewsCard: from n/a through <= 1.3.
7.5
CVE-2024-50435 - WordPress Meta News theme <= 1.1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news.This issue affects Meta News: from n/a through <= 1.1.7.
7.5
CVE-2024-50436 - WordPress Clean Retina theme <= 3.0.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Clean Retina clean-retina.This issue affects Clean Retina: from n/a through <= 3.0.6.
7.5
CVE-2024-50453 - WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability
Relative Path Traversal vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.This issue affects The Pack Elementor addons: from n/a through <= 2.0.9.
7.5
CVE-2024-50457 - WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.This issue affects Qode Essential Addons: from n/a through <= 1.6.3.
3.1
CVE-2024-49755 - Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even withouβ¦