2024-10-30 | CVE-2024-10525 | Out-of-bounds Write vulnerability in Eclipse Mosquitto. In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback. | 9.8 |
2024-10-30 | CVE-2024-3935 | Double Free vulnerability in Eclipse Mosquitto. In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker. | 6.5 |
2024-10-30 | CVE-2024-8512 | The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. [network, low complexity, CWE-95, critical] | 9.1 |
2024-10-30 | CVE-2024-10108 | The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. | 7.2 |
2024-10-30 | CVE-2024-10223 | The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-10-30 | CVE-2024-10399 | The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. | 4.3 |
2024-10-30 | CVE-2024-8871 | The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. | 6.1 |
2024-10-30 | CVE-2023-5816 | Unspecified vulnerability in Bowo Code Explorer. The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. [network, low complexity, bowo] | 4.9 |
2024-10-30 | CVE-2024-10506 | SQL Injection vulnerability in Fabianros Blood Bank Management System 1.0. A vulnerability classified as critical has been found in code-projects Blood Bank System 1.0. | 7.2 |
2024-10-30 | CVE-2024-10507 | SQL Injection vulnerability in Codezips Free Exam Hall Seating Management System 1.0. A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. | 9.8 |