2024-08-12 | CVE-2024-4350 | Cross-site Scripting vulnerability in Concretecms Concrete CMS Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. | 4.8 |
2024-08-12 | CVE-2024-4359 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. | 6.5 |
2024-08-12 | CVE-2024-4360 | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. | 6.4 |
2024-08-12 | CVE-2024-6562 | The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. | 5.3 |
2024-08-12 | CVE-2024-6691 | The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. | 4.4 |
2024-08-12 | CVE-2024-6758 | Unspecified vulnerability in Sprecher-Automation products Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments. | 6.5 |
2024-08-12 | CVE-2024-6759 | Path Traversal vulnerability in Freebsd When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". | 5.3 |
2024-08-12 | CVE-2024-7408 | Cleartext Transmission of Sensitive Information vulnerability in Airveda Pm2.5 Pm10 Monitor Firmware This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. | 6.5 |
2024-08-12 | CVE-2024-7410 | The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. | 5.3 |
2024-08-12 | CVE-2024-7412 | The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. | 5.3 |