8.6
CVE-2024-36117 - Path traversal while serving Reposilite javadoc expanded files
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5…
7.5
CVE-2024-36116 - Path traversal in Reposilite javadoc file expansion
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite provides support for JavaDocs files, which are archives that contain documentation for artifacts. Specifically, JavadocEndpoints.kt controller allows to expand the jav…
7.1
CVE-2024-36115 - Stored Cross site scripting in Reposilite artifacts
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view the artifacts content in the browser, as well as perform administrative tasks via API. The problem lies in …
8.1
CVE-2024-32030 - Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI
Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX por…
7.1
CVE-2024-34444 - WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability
Missing Authorization vulnerability in ThemePunch OHG Slider Revolution. This issue affects Slider Revolution: from n/a before 6.7.0.
5.9
CVE-2024-34443 - WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS. This issue affects Slider Revolution: from n/a before 6.7.11.
8.8
CVE-2024-22263 - Arbitrary File Write Vulnerability in Spring Cloud Data Flow
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api ca…
5.4
CVE-2023-25697 - WordPress GamiPress plugin <= 2.5.6 - CSRF Leading to Settings Change Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in GamiPress. This issue affects GamiPress: from n/a through 2.5.6.
6.5
CVE-2022-45832 - WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in Hennessey Digital Attorney. This issue affects Attorney: from n/a through 3.
9.1
CVE-2023-39312 - WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1.