Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-35146 IBM Maximo Application Suite - Monitor Component 8.10.11, 8.11.8, and 9.0.0 is vulnerable to cross-site scripting.
network
low complexity
CWE-79
5.4
5.4
2024-11-06 CVE-2024-6861 A disclosure of sensitive information flaw was found in foreman via the GraphQL API.
network
low complexity
CWE-200
7.5
7.5
2024-11-06 CVE-2020-11859 Cross-site Scripting vulnerability in Microfocus Imanager
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
network
low complexity
microfocus CWE-79
5.4
5.4
2024-11-06 CVE-2024-10914 Unspecified vulnerability in Dlink products
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.
network
low complexity
dlink
critical
 9.8
9.8
2024-11-06 CVE-2024-10915 OS Command Injection vulnerability in Dlink products
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.
network
low complexity
dlink CWE-78
critical
 9.8
9.8
2024-11-06 CVE-2024-10186 Cross-site Scripting vulnerability in Avecnous Event Post
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
avecnous CWE-79
5.4
5.4
2024-11-06 CVE-2024-10168 Cross-site Scripting vulnerability in Pluginus Woot
The Active Products Tables for WooCommerce.
network
low complexity
pluginus CWE-79
5.4
5.4
2024-11-06 CVE-2024-8323 Cross-site Scripting vulnerability in Fatcatapps Easy Pricing Tables
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
fatcatapps CWE-79
5.4
5.4
2024-11-06 CVE-2024-10715 Cross-site Scripting vulnerability in Mappresspro Mappress
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
mappresspro CWE-79
5.4
5.4
2024-11-06 CVE-2024-8614 Unrestricted Upload of File with Dangerous Type vulnerability in Eyecix Jobsearch WP JOB Board
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7.
network
low complexity
eyecix CWE-434
8.8
8.8