8.1
CVE-2023-6968 - The Moneytizer <= 9.6.3 - Cross-Site Request Forgery via multiple AJAX actions
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing an…
4.4
CVE-2024-4942 - Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and a…
6.4
CVE-2024-5342 - Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via …
The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for aut…
4.3
CVE-2024-4788 - Boostify Header Footer Builder for Elementor <= 1.3.5 - Missing Authorization to Page/Post Creation
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with subscriber…
8.8
CVE-2024-5324 - XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to c…
7.5
CVE-2023-49441 - dnsmasq: vulnerable to Integer Overflow via forward_query
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
4.7
CVE-2024-2965 - Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain
A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers…
5.3
CVE-2024-37152 - Unauthenticated Access to sensitive settings in Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.1…
10.0
CVE-2024-5480 - python-pytorch: Remote Code Execution vulnerability in torch.distributed.rpc framework
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2024-23445 - Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter, …