5.4
CVE-2024-4379 - Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site β¦
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for β¦
6.4
CVE-2024-4376 - Premium Addons for Elementor <= 4.10.31 - Authenticated (Contributor+) Stored Cross-Site Scripting β¦
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authβ¦
4.3
CVE-2024-4205 - Premium Addons for Elementor <= 4.10.31 - Missing Authorization to Information Disclosure
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level accessβ¦
7.2
CVE-2024-2793 - Visual Website Collaboration, Feedback & Project Management β Atarim <= 3.30 - Unauthenticated Storβ¦
The Visual Website Collaboration, Feedback & Project Management β Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated aβ¦
6.4
CVE-2024-5418 - DethemeKit For Elementor <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slβ¦
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attribβ¦
8.8
CVE-2024-5345 - Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fiβ¦
9.8
CVE-2024-32850 -
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker wβ¦
9.1
CVE-2024-37018 -
The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.
8.1
CVE-2024-5564 - Libndp: buffer overflow in route information length field
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.
7.5
CVE-2024-36843 -
libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.