Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-41890 Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link.
network
low complexity
apache CWE-772
5.3
2024-08-12 CVE-2024-42164 Use of Insufficiently Random Values vulnerability in FIWARE Keyrock
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link.
network
low complexity
fiware CWE-330
4.3
2024-08-12 CVE-2024-42165 Use of Insufficiently Random Values vulnerability in FIWARE Keyrock
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.
network
low complexity
fiware CWE-330
5.4
2024-08-12 CVE-2024-4350 Cross-site Scripting vulnerability in Concretecms Concrete CMS
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses.
network
low complexity
concretecms CWE-79
4.8
2024-08-12 CVE-2024-4359 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function.
network
low complexity
6.5
2024-08-12 CVE-2024-4360 The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'.
network
low complexity
6.4
2024-08-12 CVE-2024-6562 The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5.
network
low complexity
5.3
2024-08-12 CVE-2024-6691 The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping.
network
high complexity
4.4
2024-08-12 CVE-2024-6758 Unspecified vulnerability in Sprecher-Automation products
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
network
low complexity
sprecher-automation
6.5
2024-08-12 CVE-2024-6759 Path Traversal vulnerability in FreeBSD
When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/".
network
low complexity
freebsd CWE-22
5.3