9.8
CVE-2024-9933 - WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unautβ¦
9.8
CVE-2024-9931 - Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the firstβ¦
9.1
CVE-2024-47821 - pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can beβ¦
0.0
CVE-2024-10401 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.9
CVE-2024-49767 - Werkzeug possible resource exhaustion when parsing file data in forms
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effectivβ¦
0.0
CVE-2024-10398 -
This CVE id was assigned but later discarded.
6.3
CVE-2024-49766 - Werkzeug safe_join not safe on Windows
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Appβ¦
5.4
CVE-2024-9584 - Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Updβ¦
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above,β¦
6.4
CVE-2024-9585 - Image Map Pro <= 6.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible forβ¦
8.7
CVE-2024-10387 - Rockwell Automation FactoryTalk ThinManager Denial-of-Service Vulnerability
CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service.