4.3
CVE-2024-39679 - WordPress Cooked Plugin - Cross-Site Request Forgery to Recipe Template Reset
Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users iβ¦
4.3
CVE-2024-39678 - WordPress Cooked Plugin - Cross-Site Request Forgery to Get Recipe IDs
Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performingβ¦
0.0
CVE-2024-6865 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.4
CVE-2024-32981 - Cross-site Scripting vulnerability with encoded payload in silverstripe/framework
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of β¦
4.3
CVE-2024-29885 - Reports are still accessible even when `canView()` returns false in silverstripe/reports
silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the `canView()` method for that report returns `false`. This issue has beβ¦
6.4
CVE-2024-28796 -
IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 2β¦
5.3
CVE-2024-40633 - Customer data leak via adjustments API endpoint in Sylius
Sylius is an Open Source eCommerce Framework on Symfony. A security vulnerability was discovered in the `/api/v2/shop/adjustments/{id}` endpoint, which retrieves order adjustments based on incremental integer IDs. The vulnerability allows an attacker to enumerate valid adjustment IDs and retrieve oβ¦
5.3
CVE-2024-40636 - Basic Auth Credential Leakage to Logs After Fetch Registry Error in Steeltoe.Discovery.Eureka with β¦
Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service URLsβ¦
0.0
CVE-2024-40639 -
This CVE is a duplicate of another CVE.
7.4
CVE-2024-40641 - Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In thβ¦