2024-07-09 | CVE-2024-39875 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 4.3 |
2024-07-09 | CVE-2024-39876 | Allocation of Resources Without Limits or Throttling vulnerability in Siemens Sinema Remote Connect Server A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). | 4.0 |
2024-07-09 | CVE-2024-6391 | The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2023-3286 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. | 6.5 |
2024-07-09 | CVE-2023-3289 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). | 6.5 |
2024-07-09 | CVE-2023-3290 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. | 5.0 |
2024-07-09 | CVE-2024-37437 | Path Traversal vulnerability in Elementor Website Builder Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Cross-Site Scripting (XSS), Stored XSS.This issue affects Elementor Website Builder: from n/a through 3.22.1. | 5.4 |
2024-07-09 | CVE-2024-37442 | Injection vulnerability in Ays-Pro Photo Gallery Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Code Injection.This issue affects Photo Gallery by Ays: from n/a before 5.7.1. | 5.5 |
2024-07-09 | CVE-2024-4862 | The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-07-09 | CVE-2024-5946 | The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tab’ shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. | 6.4 |