4.3
CVE-2024-35727 - WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerabili…
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.
5.3
CVE-2024-35729 - WordPress Tickera plugin <= 3.5.2.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through <= 3.5.2.6.
5.3
CVE-2024-35735 - WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
4.3
CVE-2024-35741 - WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7.
5.3
CVE-2024-35742 - WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.
8.1
CVE-2024-4328 - CSRF in clear_personality_files_list in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick us…
5.3
CVE-2024-37168 - @grpc/grpc-js can allocate memory for incoming messages well above configured limits
@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: If an in…
9.8
CVE-2024-37393 -
Multiple LDAP injection vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserve…
6.1
CVE-2022-45176 -
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as i…
5.8
CVE-2023-39176 - Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensiti…