7.8
CVE-2024-11003 -
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
5.3
CVE-2024-10224 - module-scandeps: local privilege escalation via unsanitized input
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
10
CVE-2024-42450 -
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres tβ¦
5.4
CVE-2022-47424 - WordPress ARMember plugin <= 4.0.5 - Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
4.3
CVE-2024-43338 - WordPress Crowdsignal Polls & Ratings plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerabiβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Crowdsignal Dashboard β Polls, Surveys & more polldaddy allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard β Polls, Surveys & more: from n/a through <= 3.1.3.
4.3
CVE-2024-51686 - WordPress Manage User Columns plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Manage User Columns manage-user-columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through <= 1.0.5.
7.1
CVE-2024-52388 - WordPress Hebrew Date plugin <= 2.1.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in mikeage Hebrew Date hebrewdates allows Stored XSS.This issue affects Hebrew Date: from n/a through <= 2.1.0.
9.6
CVE-2024-52401 - WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4.
9.6
CVE-2024-52402 - WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerβ¦
Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0.
4.3
CVE-2024-52420 - WordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vuβ¦
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through <= 1.4.0.