5.3
CVE-2024-6574 - Laposta <= 1.12 - Unauthenticated Full Path Disclosure
The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, whi…
7.2
CVE-2024-5902 - UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it po…
0.0
CVE-2024-6721 -
** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-5324. Reason: This record is a reservation duplicate of CVE-2024-5324. Notes: All CVE users should reference CVE-2024-5324 instead of this record. All references and descriptions in this record have been removed to prevent accidental u…
3.1
CVE-2023-41093 - Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle r…
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network. This issue affects Silabs Bluetooth SDK: through 8.0.0.
5.4
CVE-2024-40690 - IBM InfoSphere Server cross-site scripting
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 29772…
6.5
CVE-2024-37405 -
Livechat messages can be leaked by combining two NoSQL injections affecting livechat:loginByToken (pre-authentication) and livechat:loadHistory.
7.2
CVE-2024-39917 - xrdp allows an infinite number of login attempts
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this…
9.1
CVE-2024-38736 - WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13.
0.0
CVE-2024-38735 - WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post. This issue affects Event post: from n/a through <= 5.9.5.
9.1
CVE-2024-38734 - WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnera…
Unrestricted Upload of File with Dangerous Type vulnerability in SpreadsheetConverter Import Spreadsheets from Microsoft Excel allows Code Injection. This issue affects Import Spreadsheets from Microsoft Excel: from n/a through 10.1.4.