5.3
CVE-2024-11587 - idcCMS classProvCity.php GetCityOptionJs cross site scripting
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been β¦
4.8
CVE-2024-7016 - Stored XSS in Smarttek Informatics' Smart Doctor
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor's allows Stored XSS required admin privileges.This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosβ¦
4.3
CVE-2024-9542 - Sky Addons for Elementor <= 2.6.1 - Authenticated (Contributor+) Sensitive Information Exposure viaβ¦
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level β¦
4.3
CVE-2024-10316 - Stratum β Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure β¦
The Stratum β Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitβ¦
5.3
CVE-2024-6538 - Openshift-console: openshift console: server-side request forgery
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clβ¦
6.9
CVE-2024-11320 - Command Injection leading to RCE via LDAP Misconfiguration
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
6.1
CVE-2024-10792 - Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scrβ¦
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unaβ¦
7.8
CVE-2024-11596 - Buffer Over-read in Wireshark
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
7.8
CVE-2024-11595 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
6.9
CVE-2024-52067 - Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causingβ¦