Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-10-01 | CVE-2024-46263 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05 | cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. | local, low complexity, randygaul, CWE-787, 7.8 |
| 2024-10-01 | CVE-2024-46264 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | local, low complexity, randygaul, CWE-787, 7.8 |
| 2024-10-01 | CVE-2024-46267 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. | local, low complexity, randygaul, CWE-787, 7.8 |
| 2024-10-01 | CVE-2024-46274 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. | local, low complexity, randygaul, CWE-787, 7.8 |
| 2024-10-01 | CVE-2024-46276 | Out-of-bounds Write vulnerability in Randygaul Cute PNG 1.05 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. | local, low complexity, randygaul, CWE-787, 7.8 |
| 2024-10-01 | CVE-2024-9060 | | The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-10-01 | CVE-2024-8288 | | The Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:guten-post-layout/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-10-01 | CVE-2024-8324 | | The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2024-10-01 | CVE-2024-8430 | | The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. | network, low complexity, CWE-862, 5.3 |
| 2024-10-01 | CVE-2024-8793 | Cross-site Scripting vulnerability in Visser Store Exporter for Woocommerce | The Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. | network, low complexity, visser, CWE-79, 6.1 |