Latest CVE Feed
-
8.7
HIGHCVE-2024-49399
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.6
HIGHCVE-2024-48043
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
8.2
HIGHCVE-2024-7755
The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
9.8
CRITICALCVE-2024-49322
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
10.0
CRITICALCVE-2024-49291
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.4
MEDIUMCVE-2024-8920
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.1
HIGHCVE-2024-49320
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dennis Hoppe Encyclopedia / Glossary / Wiki allows Reflected XSS.This issue affects Encyclopedia / Glossary / Wiki: from n/a through 1.7.60.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-48022
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SysBasics Shortcode For Elementor Templates allows Stored XSS.This issue affects Shortcode For Elementor Templates: from n/a through 1.0.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-43609
Microsoft Office Spoofing Vulnerability... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
8.4
HIGHCVE-2024-43497
DeepSpeed Remote Code Execution Vulnerability... Read more
Affected Products : deepspeed- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.6
MEDIUM- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-48911
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more
Affected Products : opencanary- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
8.8
HIGHCVE-2024-9687
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more
Affected Products : wp_2fa_with_telegram- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
4.3
MEDIUMCVE-2024-6757
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more
Affected Products : website_builder- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-43501
Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +10 more products- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
5.3
MEDIUMCVE-2024-30117
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more
Affected Products : bigfix_platform- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
5.5
MEDIUMCVE-2024-43500
Windows Resilient File System (ReFS) Information Disclosure Vulnerability... Read more
Affected Products : windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.1
HIGH- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.4
MEDIUMCVE-2024-9895
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user ... Read more
Affected Products : smart_online_order_for_clover- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
6.1
MEDIUMCVE-2024-9944
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta... Read more
Affected Products : woocommerce- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024