5.3
CVE-2024-43924 - WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
8.1
CVE-2024-9947 - ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existin…
4.3
CVE-2024-9583 - RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Author…
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible…
6.5
CVE-2024-9829 - Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and C…
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers,…
7.2
CVE-2024-9927 - WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order …
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of the allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop M…
5.3
CVE-2024-31880 - IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
7.5
CVE-2024-10295 - Gateway: apicast basic auth bypass via malformed base64 headers sending non-base64 'basic' auth with…
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can…
7
CVE-2024-50066 - mm/mremap: fix move_normal_pmd/retract_page_tables race
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race. In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should …
8.8
CVE-2024-40431 -
A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.
5.9
CVE-2024-50382 -
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V.