6.5
CVE-2024-39337 -
Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass.
9.8
CVE-2024-39331 - emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
7.5
CVE-2024-38319 - IBM Security SOAR code execution
IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830.
9.8
CVE-2024-5443 - Remote Code Execution via Path Traversal in parisneo/lollms
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory st…
6.9
CVE-2024-6253 - itsourcecode Online Food Ordering System purchase.php sql injection
A vulnerability was found in itsourcecode Online Food Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /purchase.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit ha…
5.1
CVE-2024-6252 - Zorlan SkyCaiji Task cross site scripting
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Task Handler. The manipulation of the argument onerror leads to cross site scripting. The attack can be launched remotely. The explo…
5.1
CVE-2024-6251 - playSMS New Phonebook cross site scripting
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an unknown function of the file /index.php?app=main&inc=feature_phonebook&op=phonebook_list of the component New Phonebook Handler. The manipulation of the argument name/email leads to basic cross site scr…
4.8
CVE-2024-38379 - Apache Allura: Stored authenticated XSS
Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users a…
7.2
CVE-2024-3593 - UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset
The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated …
6.3
CVE-2024-5596 - ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta an…