Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-23 | CVE-2024-10288 | Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 | Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/SubscribeToList, parameter ListName. | 6.1 |
2024-10-23 | CVE-2024-10289 | Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 | Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ManageSubscription, parameter MSubListName. | 6.1 |
2024-10-23 | CVE-2023-50310 | Insufficiently Protected Credentials vulnerability in IBM Cics Transaction Gateway 9.2/9.3 | IBM CICS Transaction Gateway for Multiplatforms 9.2 and 9.3 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. | 7.5 |
2024-10-23 | CVE-2024-8500 | Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. | 5.4 |
2024-10-23 | CVE-2024-10045 | Cross-Site Request Forgery (CSRF) vulnerability in Wpbeginner Transients Manager | The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. | 4.3 |
2024-10-23 | CVE-2024-43924 | Missing Authorization vulnerability in Dfactory Responsive Lightbox | Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Responsive Lightbox: from n/a through 2.4.7. | 9.8 |
2024-10-23 | CVE-2024-9530 | Unspecified vulnerability in Qodeinteractive QI Addons for Elementor | The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. | 4.3 |
2024-10-23 | CVE-2024-9583 | Missing Authorization vulnerability in Rebelcode RSS Aggregator | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. | 5.4 |
2024-10-23 | CVE-2024-9947 | Improper Authentication vulnerability in Properfraction Profilepress | The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. | 9.8 |
2024-10-23 | CVE-2024-50066 | Race Condition vulnerability in Linux Kernel | In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. | 7.0 |