Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-08-05 | CVE-2024-6710 | Cross-site Scripting vulnerability in Metaphorcreations Ditty | The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | network, low complexity, metaphorcreations CWE-79, 5.4 |
| 2024-08-05 | CVE-2024-7466 | Cross-site Scripting vulnerability in Pmweb 7.2.00 | A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. | network, low complexity, pmweb CWE-79, 5.4 |
| 2024-08-04 | CVE-2024-7453 | Cross-site Scripting vulnerability in Fastadmin 1.5.0.20240328 | A vulnerability was found in FastAdmin 1.5.0.20240328. | network, low complexity, fastadmin CWE-79, 4.8 |
| 2024-08-04 | CVE-2024-6331 | Injection vulnerability in Stitionai Devika | stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. | network, low complexity, stitionai CWE-74, 6.5 |
| 2024-08-03 | CVE-2024-37286 | Information Exposure Through Log Files vulnerability in Elastic APM Server | APM server logs contain document body from a partially failed bulk index request. | network, low complexity, elastic CWE-532, 6.5 |
| 2024-08-03 | CVE-2024-7438 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 | A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. | network, low complexity, simplemachines CWE-639, 4.3 |
| 2024-08-03 | CVE-2024-7437 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4 | A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. | network, low complexity, simplemachines CWE-639, 4.3 |
| 2024-08-03 | CVE-2024-38321 | Information Exposure Through Log Files vulnerability in IBM Business Automation Workflow | IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. | network, low complexity, ibm CWE-532, 6.5 |
| 2024-08-03 | CVE-2024-6709 | | The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sps_add_update_post' function in all versions up to, and including, 1.6. | network, low complexity, 4.3 |
| 2024-08-03 | CVE-2024-6872 | | The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'templatespare_activate_required_theme' and 'templatespare_get_theme_status' functions in all versions up to, and including, 2.4.2. | network, low complexity, 4.3 |