8.6
CVE-2024-30128 - An open proxy vulnerability affects HCL Nomad server on Domino
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
7.8
CVE-2024-8316 - Progress UI for WPF format provider unsafe deserialization vulnerability
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
7.8
CVE-2024-7576 - Progress UI for WPF format provider unsafe deserialization vulnerability
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
7.8
CVE-2024-7575 - Improper neutralization special element in hyperlinks
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
6.5
CVE-2024-6512 -
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism.
7.8
CVE-2024-7679 - Improper neutralization special element in hyperlinks
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
5.1
CVE-2024-45613 - CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code ex…
6.4
CVE-2024-8546 - ElementsKit Elementor addons <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vi…
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat…
9.3
CVE-2024-4657 - Stored XSS in Talent Software's BAP Automation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS. This issue affects BAP Automation: before 30840.
7.5
CVE-2024-6594 - WatchGuard Firebox Single Sign-On Client Denial-of-Service
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repea…