8.1

CVSS3.1

CVE-2024-47881 - OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so …

📅 Published: Oct. 24, 2024, 8:31 p.m. 🔄 Last Modified: Oct. 28, 2024, 2:14 p.m.

8.1

CVSS3.1

CVE-2024-47880 - OpenRefine has a reflected cross-site scripting vulnerability from POST request in ExportRowsCommand

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `export-rows` command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th…

📅 Published: Oct. 24, 2024, 8:21 p.m. 🔄 Last Modified: Oct. 30, 2024, 5:42 p.m.

8.1

CVSS3.1

CVE-2024-10327 -

A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user's selection. When a user long-presses the notification banner and selec…

📅 Published: Oct. 24, 2024, 8:17 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS3.1

CVE-2024-47879 - OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request f…

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the `preview-expression` command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can cont…

📅 Published: Oct. 24, 2024, 8:17 p.m. 🔄 Last Modified: Dec. 4, 2024, 5:21 p.m.

9.8

CVSS3.1

CVE-2024-7763 - WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

📅 Published: Oct. 24, 2024, 8:11 p.m. 🔄 Last Modified: Oct. 30, 2024, 2:13 p.m.

8.1

CVSS3.1

CVE-2024-47878 - Reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the `/extension/gdata/authorized` endpoint includes the `state` GET parameter verbatim in a `<script>` tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL conta…

📅 Published: Oct. 24, 2024, 8:11 p.m. 🔄 Last Modified: Oct. 30, 2024, 6:01 p.m.

5.5

CVSS3.1

CVE-2024-47173 - Aimeos GraphQL API admin interface denial of service vulnerability in SaaS and marketplace setups

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attack. Version 2024.07.2 fixes the issue.

📅 Published: Oct. 24, 2024, 6:54 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS3.1

CVE-2024-46998 - baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue.

📅 Published: Oct. 24, 2024, 6:52 p.m. 🔄 Last Modified: Oct. 28, 2024, 3:32 p.m.

6.3

CVSS3.1

CVE-2024-46996 - baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Blog posts feature. Version 5.1.2 fixes this issue.

📅 Published: Oct. 24, 2024, 6:35 p.m. 🔄 Last Modified: Oct. 28, 2024, 3:31 p.m.

6.1

CVSS3.1

CVE-2024-46995 - baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request

baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in HTTP 400 Bad Request. Version 5.1.2 fixes this issue.

📅 Published: Oct. 24, 2024, 6:31 p.m. 🔄 Last Modified: Oct. 28, 2024, 3:33 p.m.