5.4
CVE-2024-40746 - Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomβ¦
A stored cross-site scripting (XSS) vulnerability in HikaShop Joomla Component < 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the `description` parameter of any product. The `description `parameter is not sanitised iβ¦
7.7
CVE-2024-49366 - Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be wrβ¦
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Verβ¦
8.7
CVE-2024-48930 - secp256k1-node vulnerable to private key extraction over ECDH
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, `loadCompressedPublicKey` is missing thaβ¦
8.7
CVE-2024-45309 - OneDev vulnerable to arbitrary file reading for unauthenticated user
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9.
6.5
CVE-2024-8305 - MongoDB Server secondaries may crash due to forced index constraints
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions β¦
0.0
CVE-2024-10212 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
4.3
CVE-2024-49273 - WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities.This issue affects ProfileGrid : from n/a through <= 5.9.3.
4.3
CVE-2024-49293 - WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.4.
4.3
CVE-2024-49321 - WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through <= 2.5.7.
6.5
CVE-2024-43945 - WordPress LatePoint plugin <= 4.9.91 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery.This issue affects LatePoint: from n/a through 4.9.91.