Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-10288 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-10289 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2023-50310 Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3
IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
network
low complexity
ibm CWE-522
7.5
2024-10-23 CVE-2024-8500 Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping.
network
low complexity
getshortcodes CWE-79
5.4
2024-10-23 CVE-2024-10045 Cross-Site Request Forgery (CSRF) vulnerability in Wpbeginner Transients Manager
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6.
network
low complexity
wpbeginner CWE-352
4.3
2024-10-23 CVE-2024-43924 Missing Authorization vulnerability in Dfactory Responsive Lightbox
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7.
network
low complexity
dfactory CWE-862
critical
9.8
2024-10-23 CVE-2024-9530 Unspecified vulnerability in Qodeinteractive QI Addons for Elementor
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates.
network
low complexity
qodeinteractive
4.3
2024-10-23 CVE-2024-9583 Missing Authorization vulnerability in Rebelcode RSS Aggregator
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12.
network
low complexity
rebelcode CWE-862
5.4
2024-10-23 CVE-2024-9947 Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1.
network
low complexity
properfraction CWE-287
critical
9.8
2024-10-23 CVE-2024-50066 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: "mm/mremap: fix move_normal_pmd/retract_page_tables race". In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet.
local
high complexity
linux CWE-362
7.0