CMS: In WordPress versions 6.5 through 6.5.4, 6.4 through 6.4.4, 6.3 through 6.3.4, 6.2 through 6.2.5, 6.1 through 6.1.6, 6.0 through 6.0.8, and 5.9 through 5.9.9, a medium severity vulnerability, CVE-2024-31111, was detected. It is a stored cross-site scripting (XSS) issue: an attacker can persist malicious web script in page content so that it runs in the browsers of other users who view the page, exposing their sessions and any sensitive information reachable from the site. To fix this problem, upgrade WordPress to version 6.5.5 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-31111.
In GitLab CE/EE versions starting from 16.9 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1, a medium severity vulnerability, CVE-2024-2191, was detected. The title of a merge request was publicly visible even though the project restricted it to project members, so the access-control check failed and leaked information to unauthorized users. To address this issue, upgrade to 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2191.
Developer Tools: In GitLab CE/EE versions starting from 16.9 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1, a high severity vulnerability, CVE-2024-4901, was detected. It is a stored cross-site scripting (XSS) issue: malicious code supplied through user input such as commit notes is saved and later rendered unescaped to other users, so the attacker's script runs in their browsers and can hijack sessions or access sensitive data. To address this issue, upgrade to 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4901.
Developer Tools: In GitLab CE/EE all versions starting from 16.1 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1, a low severity vulnerability, CVE-2024-4011, was detected. It allows a user who is not a member of a project to promote key results to objectives, an action that should be restricted to project members. The first fixed releases are 16.11.5, 17.0.3 and 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4011.
Developer Tools: In GitLab CE/EE all versions starting from 1.0 prior to 16.11.5, from 17.0 prior to 17.0.3, and from 17.1 prior to 17.1.1, multiple medium severity Denial of Service (DoS) vulnerabilities, tracked together as CVE-2024-4557, were detected. They allow an attacker to cause resource exhaustion through the Banzai pipeline, GitLab's Markdown rendering pipeline, by submitting content that is expensive to render. The first fixed releases are 16.11.5, 17.0.3 and 17.1.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4557.
CMS: In WordPress version 6.5.5, a medium severity vulnerability, CVE-2024-6305, was detected. It allows an attacker to inject arbitrary web scripts into pages (stored XSS). No fixed release was available at the time of writing. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6305/.
CMS: In WordPress version 6.5.5, a medium severity vulnerability, CVE-2024-6306, was detected. It allows an attacker to include arbitrary HTML files on sites running on Windows, a local file inclusion issue. No fixed release was available at the time of writing. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6306/.
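The "from X through Y" (WordPress) and "starting from X prior to Y" (GitLab) wording above differs in whether the upper bound is itself affected, which is easy to get wrong when checking an inventory by hand. The following Python is an added example, not code from this page, WordPress or GitLab: it encodes the affected ranges quoted in the entries above and reports which of the listed CVEs apply to an installed version. Dropping edition or pre-release suffixes such as "-ee" before comparing is an assumption, as is the constructed inventory at the bottom.

```python
"""Added example: map an installed WordPress or GitLab version onto the
affected ranges quoted in the advisories above.  The range data is copied
from the entries on this page; everything else is illustrative."""
from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """'17.0.3' -> (17, 0, 3).

    Assumption: an edition or pre-release suffix ('17.0.3-ee', '6.5-RC1')
    does not change which branch a build belongs to, so it is dropped.
    """
    core = text.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))


@dataclass(frozen=True)
class AffectedRange:
    low: str              # first affected version, inclusive
    high: str             # last affected ("through") or first fixed ("prior to") version
    high_inclusive: bool  # True for "through high", False for "prior to high"

    def contains(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.low):
            return False
        hi = parse_version(self.high)
        return v <= hi if self.high_inclusive else v < hi


def through(low: str, high: str) -> AffectedRange:
    """WordPress wording: 'from 6.5 through 6.5.4' (both ends affected)."""
    return AffectedRange(low, high, True)


def prior_to(low: str, high: str) -> AffectedRange:
    """GitLab wording: 'starting from 16.9 prior to 16.11.5' (16.11.5 is fixed)."""
    return AffectedRange(low, high, False)


# One entry per advisory on this page, keyed by (product, CVE).
GITLAB_FROM_16_9 = [prior_to("16.9", "16.11.5"), prior_to("17.0", "17.0.3"), prior_to("17.1", "17.1.1")]
ADVISORIES = {
    ("wordpress", "CVE-2024-31111"): [
        through("5.9", "5.9.9"), through("6.0", "6.0.8"), through("6.1", "6.1.6"),
        through("6.2", "6.2.5"), through("6.3", "6.3.4"), through("6.4", "6.4.4"),
        through("6.5", "6.5.4"),
    ],
    # The page names only 6.5.5 for these two and lists no fixed release.
    ("wordpress", "CVE-2024-6305"): [through("6.5.5", "6.5.5")],
    ("wordpress", "CVE-2024-6306"): [through("6.5.5", "6.5.5")],
    ("gitlab", "CVE-2024-2191"): GITLAB_FROM_16_9,
    ("gitlab", "CVE-2024-4901"): GITLAB_FROM_16_9,
    ("gitlab", "CVE-2024-4011"): [prior_to("16.1", "16.11.5"), prior_to("17.0", "17.0.3"), prior_to("17.1", "17.1.1")],
    ("gitlab", "CVE-2024-4557"): [prior_to("1.0", "16.11.5"), prior_to("17.0", "17.0.3"), prior_to("17.1", "17.1.1")],
}


def affected_cves(product: str, version: str) -> list[str]:
    """Return the CVEs from this page whose affected ranges contain `version`."""
    return sorted(
        cve
        for (prod, cve), ranges in ADVISORIES.items()
        if prod == product and any(r.contains(version) for r in ranges)
    )


if __name__ == "__main__":
    # Constructed inventory of (product, installed version) pairs.
    inventory = [
        ("wordpress", "6.5.4"),
        ("wordpress", "6.5.5"),
        ("gitlab", "16.11.4-ee"),
        ("gitlab", "17.1.1"),
    ]
    for product, version in inventory:
        hits = affected_cves(product, version)
        print(f"{product} {version}: {', '.join(hits) if hits else 'no listed CVE applies'}")
```

Note that 6.5.5 drops out of CVE-2024-31111 but is reported for CVE-2024-6305 and CVE-2024-6306, which is exactly the situation the two entries above describe: the release that fixes one issue is the one named as affected by the next two.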
Database: In pgAdmin version 8.8 and earlier, a high severity vulnerability, CVE-2024-6238, was detected. The Debian and RHEL 8 packages set insecure permissions on the installation directory, allowing an attacker to gain unauthorized access to it. To fix this issue, update to version 8.9. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6238.
Application Development: In Django REST framework (the djangorestframework package) versions before 3.15.2, a medium severity vulnerability, CVE-2024-21520, was detected. It is a cross-site scripting (XSS) issue in the break_long_headers template filter used by the browsable API: attacker-controlled header values are rendered without escaping, so script can run in a user's browser and access sensitive data. Upgrade to 3.15.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21520/.