8.8
CVE-2024-27181 - Apache Linkis Basic management services: Privilege Escalation Attack vulnerability
In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
0.0
CVE-2024-7403 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.1
CVE-2024-38776 - WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS). This issue affects WP GoToWebinar: from n/a through 15.7.
7.8
CVE-2024-39392 - Adobe Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
CVE-2024-39396 - Adobe Indesign 2024 PCX File Parsing Out Of Bound Read
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in tha…
8.8
CVE-2024-3238 - WordPress Menu Plugin – Superfly Responsive Menu <= 5.0.29 - Cross-Site Request Forgery to Arbitrar…
The WordPress Menu Plugin – Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthentic…
5.4
CVE-2024-5595 - Essential Blocks < 4.7.0 - Contributor+ Stored XSS
The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
6.4
CVE-2024-3827 - Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs
The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-le…
7.5
CVE-2024-7389 - Forminator <= 1.29.1 - HubSpot Developer API Key Sensitive Information Exposure
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthor…
6.6
CVE-2024-38482 -
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. A highly privileged malicious user with remote access could potentially exploit this vulnerability, leading to execute unauthorized actions and retrieve sensitive i…