8.7
CVE-2024-8215 - Payload Injection Attack via Management REST interface
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 beforeβ¦
6.8
CVE-2024-45330 -
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
3.1
CVE-2024-33506 -
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTPβ¦
0.0
CVE-2024-9625 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
4.3
CVE-2024-8431 - Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticatβ¦
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subsβ¦
6.4
CVE-2024-8482 - Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Contributor+) Stored Cross-Site Scβ¦
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βurlβ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrβ¦
6.1
CVE-2024-9207 - BuddyPress Docs <= 2.2.3 - Reflected Cross-Site Scripting
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in paβ¦
4.4
CVE-2024-8488 - Survey Maker β Customer Satisfaction Questionnaire, Chat Survey, Calculation Form, Payment Forms <=β¦
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and aβ¦
9.8
CVE-2024-8884 -
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http
7.3
CVE-2024-9005 -
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.