Latest CVE Feed
-
7.1
HIGHCVE-2024-49308
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Toast Plugins Animator allows Reflected XSS.This issue affects Animator: from n/a through 3.0.11.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-49277
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-49285
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
9.8
CRITICALCVE-2024-49318
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-49263
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1.... Read more
Affected Products : my_favorites- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
8.5
HIGHCVE-2024-49244
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cmssoft CSV Product Import Export for WooCommerce allows SQL Injection.This issue affects CSV Product Import Export for WooCommerce: from n/a through 1.0... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-49289
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more
Affected Products : cooked- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
9.2
CRITICALCVE-2024-49397
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-43609
Microsoft Office Spoofing Vulnerability... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
8.4
HIGHCVE-2024-43497
DeepSpeed Remote Code Execution Vulnerability... Read more
Affected Products : deepspeed- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.6
MEDIUM- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-48911
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more
Affected Products : opencanary- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
8.8
HIGHCVE-2024-9687
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more
Affected Products : wp_2fa_with_telegram- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
4.3
MEDIUMCVE-2024-6757
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more
Affected Products : website_builder- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-43501
Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +10 more products- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
5.3
MEDIUMCVE-2024-30117
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more
Affected Products : bigfix_platform- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
5.5
MEDIUMCVE-2024-43500
Windows Resilient File System (ReFS) Information Disclosure Vulnerability... Read more
Affected Products : windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.1
HIGH- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.4
MEDIUMCVE-2024-9895
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user ... Read more
Affected Products : smart_online_order_for_clover- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
6.1
MEDIUMCVE-2024-9944
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta... Read more
Affected Products : woocommerce- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024