PT-2025-48957
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10; Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description: A user with the admin all objects privilege capability could potentially execut...
EUVD-2024-31297
Malicious code in bioql PyPI...
CVE-2024-33564
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8...
CVE-2024-33563
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8...
CVE-2024-33564
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8...
CVE-2024-33561
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8...
CVE-2024-33563
Missing Authorization vulnerability in 8theme XStore. This issue affects XStore: from n/a through 9.3.8...
PT-2024-25331 · 8Theme · 8Theme Xstore
Name of the Vulnerable Software and Affected Versions: 8theme XStore versions n/a through 9.3.8 Description: A Missing Authorization vulnerability affects 8theme XStore. The issue allows for exploitation due to missing authorization checks. No information is provided about the estimated number of...
PT-2024-25332 · 8Theme · 8Theme Xstore
Name of the Vulnerable Software and Affected Versions: 8theme XStore versions 9.3.8 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects 8theme XStore, allowing unauthorized access. The estimated number of potentially affected devices...
WordPress plugin XStore security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-25329 · 8Theme · 8Theme Xstore
Name of the Vulnerable Software and Affected Versions: 8theme XStore versions n/a through 9.3.8 Description: A Missing Authorization vulnerability affects 8theme XStore. The issue allows for exploitation due to missing authorization checks. No information is provided about the estimated number of...
WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions <= 9.3.8...
WordPress XStore theme <= 9.3.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions <= 9.3.8...
WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33563; Patch priority: High; CVSS severity: High 7.6; PSID: b054c7b1c33a; Credits: Rafie Muhammad Patchstack; Required...
WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2024-33560; Patch priority: High; CVSS severity: High 9; PSID: 6dff12fe54af; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress XStore Theme <= 9.3.8 is vulnerable to Settings Change
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Settings Change; CVE: CVE-2024-33564; Patch priority: High; CVSS severity: High 8.8; PSID: fefe041fa298; Credits: Rafie Muhammad Patchstack; Required privileg...
WordPress XStore Theme <= 9.3.8 is vulnerable to Broken Access Control
Software: XStore; Type: Theme; Vulnerable versions: <= 9.3.8; Fixed in: 9.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-33561; Patch priority: High; CVSS severity: High 7.5; PSID: b6ec6d6c7945; Credits: Rafie Muhammad Patchstack; Required...
FreeBSD : Grafana -- Stored XSS in TraceView panel (e7841611-b808-11ed-b695-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e7841611-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch,...
FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...
GHSA-HJV9-HM2F-RPCJ Grafana vulnerable to Cross-site Scripting
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because map attributions weren't properly sanitized and allowed arbitrary JavaScript...