7.1
CVE-2024-39631 - WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 23.1.2.
5.8
CVE-2024-39643 - WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.
6.5
CVE-2024-39644 - WordPress Black Widgets For Elementor plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5.
7.1
CVE-2024-39646 - WordPress Custom 404 Pro plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro custom-404-pro.This issue affects Custom 404 Pro: from n/a through <= 3.11.1.
7.1
CVE-2024-39647 - WordPress Message Filter for Contact Form 7 plugin <= 1.6.1.1 - Cross Site Scripting (XSS) vulnerabβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kofi Mokome Message Filter for Contact Form 7 cf7-message-filter.This issue affects Message Filter for Contact Form 7: from n/a through <= 1.6.1.1.
8.1
CVE-2024-41956 - Soft Serve allows arbitrary code execution by crafting git-lfs requests
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by tβ¦
3
CVE-2024-41948 - biscuit-java vulnerable to public key confusion in third party block
biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the neβ¦
3
CVE-2024-41949 - biscuit-rust vulnerable to public key confusion in third party block
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the neβ¦
6.9
CVE-2024-7369 - SourceCodester Simple Realtime Quiz System Login ajax.php sql injection
A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiatedβ¦
6.8
CVE-2024-32862 - exacqVision CORS
Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains.