4.3
CVE-2024-1682 - Unclaimed S3 Bucket Reference in psf/requests Documentation
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthinessโฆ
8.8
CVE-2024-52396 - WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal.This issue affects WOLF: from n/a through <= 1.0.8.3.
0.0
CVE-2024-52371 - WordPress Global Gateway e4 plugin <= 2.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4.This issue affects Global Gateway e4 | Payeezy Gateway |: from n/a through <= 2.0.
7.2
CVE-2024-52393 - WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerabiโฆ
Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.
6.9
CVE-2024-52524 - ReDoS in Giskard Scan text perturbation
Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could trigger exponentialโฆ
9.1
CVE-2024-37285 - Kibana arbitrary code execution via YAML deserialization
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/eโฆ
7
CVE-2024-6068 - Input Validation Vulnerability exists in Arenaยฎ Input Analyzer
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
6.8
CVE-2024-10921 - Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0โฆ
5.1
CVE-2024-11214 - SourceCodester Best Employee Management System profile.php unrestricted upload
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely.โฆ
5.1
CVE-2024-11213 - SourceCodester Best Employee Management System edit_role.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit โฆ