| 2024-10-29 | CVE-2024-50409 | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. | 5.4 |
| 2024-10-29 | CVE-2024-50410 | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4. | 5.4 |
| 2024-10-29 | CVE-2024-10436 | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. | 8.8 |
| 2024-10-29 | CVE-2024-10437 | The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smar Message activation/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. | 4.3 |
| 2024-10-29 | CVE-2024-9376 | The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-29 | CVE-2024-10048 | The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-10-29 | CVE-2024-22066 | Authentication Bypass by Capture-replay vulnerability in ZTE products
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . | 6.5 |
| 2024-10-29 | CVE-2024-45477 | Unspecified vulnerability in Apache Nifi
Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. | 4.6 |
| 2024-10-29 | CVE-2024-46872 | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks | 4.6 |
| 2024-10-29 | CVE-2024-49642 | Cross-site Scripting vulnerability in Rafasashi Todo Custom Field
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4. | 6.1 |