Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-10 CVE-2024-5664 Cross-site Scripting vulnerability in Sonaar MP3 Audio Player for Music, Radio & Podcast
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
sonaar CWE-79
5.4
2024-07-10 CVE-2024-36450 Cross-site Scripting vulnerability in Webmin
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910.
network
low complexity
webmin CWE-79
5.4
2024-07-10 CVE-2024-6410
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key.
network
low complexity
4.3
2024-07-10 CVE-2024-6550
The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1.
network
low complexity
5.3
2024-07-10 CVE-2024-4866
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
6.4
2024-07-10 CVE-2024-25023 Cleartext Storage of Sensitive Information vulnerability in IBM Cloud Pak for Security and QRadar Suite
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user.
local
low complexity
ibm CWE-312
5.5
2024-07-09 CVE-2024-22377 Path Traversal vulnerability in Ping Identity PingFederate
The deploy directory in PingFederate runtime nodes is reachable by unauthorized users.
network
low complexity
pingidentity CWE-22
5.3
2024-07-09 CVE-2024-22477 Cross-site Scripting vulnerability in Ping Identity PingFederate
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor.
low complexity
pingidentity CWE-79
4.3
2024-07-09 CVE-2024-21993 Unspecified vulnerability in NetApp SnapCenter
SnapCenter versions prior to 5.0p1 are susceptible to a vulnerability which could allow an authenticated attacker to discover plaintext credentials.
network
low complexity
netapp
6.5
2024-07-09 CVE-2024-39900 Authorization Bypass Through User-Controlled Key vulnerability in OpenSearch Observability
OpenSearch Dashboards Reports allows ‘Report Owner’ to export and share reports from OpenSearch Dashboards.
network
low complexity
opensearch CWE-639
5.4