6.1
CVE-2024-3590 - LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
4.8
CVE-2024-3582 - Ungallery <= 2.2.4 - Stored XSS via CSRF
The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
4.8
CVE-2023-5971 - Save as PDF < 3.2.0 - Admin+ Stored XSS
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite seβ¦
7.5
CVE-2024-29857 - org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Serβ¦
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of tβ¦
5.3
CVE-2024-4672 - Campcodes Complete Web-Based School Management System show_student_subject.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can β¦
6.5
CVE-2023-6682 - Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS attβ¦
6.5
CVE-2023-6688 - Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server.
6.5
CVE-2024-2454 - Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.
6.5
CVE-2024-2651 - Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content.
4.3
CVE-2024-4539 - Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service.