In GitLab CE/EE versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2 a medium severity vulnerability CVE-2024-12570 was detected. This vulnerability lets attackers use a victim’s CI_JOB_TOKEN to steal their GitLab session token. To address this issue, users should upgrade to versions 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12570.
Read more Developer Tools
In LibreNMS versions 24.9.0 up to 24.10.0 a medium severity vulnerability CVE-2024-53457 was detected. This vulnerability lets attackers run harmful web scripts or HTML code by adding a specially crafted input into the Display Name field. To address this issue, users should upgrade LibreNMS to version 24.10.1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53457.
Read more Monitoring
In the Planaday API plugin for WordPress versions up to and including 11.4 a medium severity vulnerability CVE-2024-11804 was detected. This vulnerability allows attackers to inject harmful web scripts into pages by exploiting the ‘tab’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11804.
Read more CMS
In the kvCORE IDX plugin for WordPress version 2.3.35 a medium severity vulnerability CVE-2024-11723 was detected. This vulnerability allows attackers to trick users into clicking malicious links, which can steal personal data or perform harmful actions on their behalf. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11723.
Read more CMS
In the Essential Real Estate plugin for WordPress version 5.1.6 a medium severity vulnerability CVE-2024-12329 was detected. This vulnerability allows authenticated users with Contributor-level access and above to view sensitive data, such as invoices and transaction logs, without proper authorization. To fix this issue, users should upgrade the Essential Real Estate plugin for WordPress to version 5.1.7. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-12329.
Read more CMS
In the Country Blocker plugin for WordPress versions up to and including 3.2 a medium severity vulnerability CVE-2024-11459 was detected. This vulnerability allows attackers to inject harmful web scripts into pages via the ‘ip’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11459.
Read more CMS
In ONLYOFFICE Docs Plugin for WordPress versions up to and including 2.0.0 a medium severity vulnerability CVE-2024-11450 was detected. This vulnerability allows attackers with contributor-level access or higher to inject arbitrary web scripts into pages via the ‘onlyoffice’ shortcode. These scripts execute whenever a user accesses an injected page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11450.
Read more Productivity
In miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin versions 7.5.14 and prior a medium severity vulnerability CVE-2023-24375 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-24375.
Read more CMS
In Keycloak OIDC-Client versions 34.0.1 and prior a medium severity vulnerability CVE-2024-12369 was detected. This vulnerability allows attackers to inject a stolen authorization code into their own session, impersonating a victim with the victim’s identity. This attack can be executed via a Man-in-the-Middle (MitM) or phishing attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12369.
Read more Security