5.9
CVE-2024-3913 - Phoenix Contact: Start sequence allows attack during the boot process
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
4.4
CVE-2023-31356 - kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
5.3
CVE-2023-20584 - kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
6.5
CVE-2024-43165 - WordPress WPSection plugin <= 1.3.8 - Contributor+ Limited Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rashid87 WPSection allows PHP Local File Inclusion.This issue affects WPSection: from n/a through 1.3.8.
10
CVE-2024-43160 - WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.
9.8
CVE-2024-43153 - WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
9.8
CVE-2024-43141 - WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.
7.5
CVE-2024-43140 - WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulneraβ¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4.
6.5
CVE-2024-43138 - WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Incβ¦
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1.
9.1
CVE-2024-37287 - Kibana arbitrary code execution via prototype pollution
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.