Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-6826 Allocation of Resources Without Limits or Throttling vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1.
network
low complexity
gitlab CWE-770
6.5
2024-10-24 CVE-2024-8312 Cross-site Scripting vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1.
network
low complexity
gitlab CWE-79
5.4
2024-10-24 CVE-2024-10050 The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode.
network
low complexity
CWE-200
4.3
2024-10-24 CVE-2024-8717 The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-10-24 CVE-2024-8667 The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0.
network
low complexity
CWE-862
4.3
2024-10-24 CVE-2024-9531 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4.
network
low complexity
CWE-285
4.3
2024-10-24 CVE-2024-9943 The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4.
network
low complexity
CWE-352
6.3
2024-10-24 CVE-2024-9864 The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-10-24 CVE-2024-9374 The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6.
network
low complexity
6.1
2024-10-23 CVE-2023-50355 Information Exposure Through an Error Message vulnerability in Hcltech Sametime 11.6/12.0/12.0.2
HCL Sametime is impacted by the error messages containing sensitive information.
network
low complexity
hcltech CWE-209
5.3