6.5
CVE-2024-52394 - WordPress Print PDF Generator and Publisher plugin <= 1.1.6 - Stored Cross Site Scripting (XSS) vuβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in verkkovaraani Print PDF Generator and Publisher nopeamedia allows Stored XSS.This issue affects Print PDF Generator and Publisher: from n/a through <= 1.1.6.
7.1
CVE-2024-52417 - WordPress ReConstruction theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes ReConstruction reconstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through <= 1.4.7.
7.1
CVE-2024-52418 - WordPress Gameplan theme <= 1.5.10 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CactusThemes Gameplan gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through <= 1.5.10.
0.0
CVE-2024-11389 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
1.2
CVE-2024-52585 - Autolab has HTML Injection Vulnerability
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing liβ¦
4.9
CVE-2024-52584 - Autolab has vulnerable submission endpoints
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have β¦
8.2
CVE-2024-52583 - WesHacks code includes links to Leostop tracking spyware infested files
The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs whenβ¦
7.1
CVE-2024-52506 - Graylog can leak other users' reports via concurrent PDF report rendering
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in β¦
6.3
CVE-2024-52304 - aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed β¦
8.7
CVE-2024-52303 - aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInβ¦