Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-23 CVE-2024-1737 Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
network
low complexity
7.5
2024-07-23 CVE-2024-1975 If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
network
low complexity
7.5
2024-07-23 CVE-2024-40060 go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function.
network
low complexity
CWE-835
7.5
2024-07-23 CVE-2024-6828 The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17.
network
low complexity
7.2
2024-07-23 CVE-2024-6885 The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2.
network
low complexity
8.1
2024-07-22 CVE-2024-32484 A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04.
network
low complexity
CWE-80
7.4
2024-07-22 CVE-2024-5973 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
The MasterStudy LMS WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.
network
low complexity
stylemixthemes
8.8
2024-07-22 CVE-2024-6244 Cross-Site Request Forgery (CSRF) vulnerability in Projectzealous PZ Frontend Manager
The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
network
low complexity
projectzealous CWE-352
8.8
2024-07-22 CVE-2024-6969 SQL Injection vulnerability in Clinics Patient Management System Project Clinics Patient Management System 1.0
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0.
7.5
2024-07-22 CVE-2024-6967 SQL Injection vulnerability in Employee and Visitor Gate Pass Logging System Project Employee and Visitor Gate Pass Logging System 1.0
A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.
7.5