8.8
CVE-2024-6144 - Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerabili…
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability…
8.8
CVE-2024-6143 - Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability
Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The speci…
8.8
CVE-2024-6142 - Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability
Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The spec…
6.4
CVE-2024-5970 - MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thum…
The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated …
6.3
CVE-2024-6129 - spa-cartcms Username login observable behavioral discrepancy
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack remote…
6.9
CVE-2024-6128 - spa-cartcms Checkout Page checkout behavioral workflow
A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input -10 leads to enforcement of behavioral workflow. The…
5.4
CVE-2024-38277 - moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate k…
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
8.8
CVE-2024-38276 - moodle: CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF risks.
7.5
CVE-2024-38275 - moodle: HTTP authorization header is preserved between "emulated redirects"
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
6.1
CVE-2024-38274 - moodle: stored XSS via calendar's event title when deleting the event
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.