5.5
CVE-2024-45072 - IBM WebSphere Application Server XML external entity injection
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.
4.3
CVE-2024-29155 - Denial of service on Microchip RN4870 devices
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked.
6.5
CVE-2024-49265 - WordPress Booking.com Banner Creator plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SPBooking.com Booking.com Banner Creator bookingcom-banner-creator.This issue affects Booking.com Banner Creator: from n/a through <= 1.4.6.
8.9
CVE-2024-9348 - Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
5.9
CVE-2024-49266 - WordPress WP-Spreadplugin plugin <= 4.8.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thimo Grauerholz WP-Spreadplugin wp-spreadplugin allows Cross-Site Scripting (XSS).This issue affects WP-Spreadplugin: from n/a through <= 4.8.9.
6.5
CVE-2024-49267 - WordPress Unlimited Addon For Elementor plugin <=2.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor unlimited-addon-for-elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through <= 2.0.0.
7.1
CVE-2024-49268 - WordPress disconnected theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0.
8.6
CVE-2024-45844 - BIG-IP monitors vulnerability
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings.Β Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
4.8
CVE-2024-47139 - F5 BIG-IQ Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Β Note: Software versions which have reached End of Technical β¦
9.8
CVE-2024-9893 - Nextend Social Login Pro <= 3.1.14 - Authentication Bypass via WordPress.com OAuth provider
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as anyβ¦