Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2024-4740 | Use of Hard-coded Credentials vulnerability in Moxa Mxsecurity 1.0/1.0.1 MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. | 7.5 |
| 2024-10-18 | CVE-2023-49567 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. | 6.8 |
| 2024-10-18 | CVE-2023-6055 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. | 7.4 |
| 2024-10-18 | CVE-2023-6056 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. | 7.4 |
| 2024-10-18 | CVE-2023-6057 | Unspecified vulnerability in Bitdefender Total Security A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. | 7.4 |
| 2024-10-18 | CVE-2023-6058 | Improper Certificate Validation vulnerability in Bitdefender Total Security A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. | 6.8 |
| 2024-10-18 | CVE-2024-10055 | Cross-site Scripting vulnerability in Ninjateam Click to Chat The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-18 | CVE-2024-10078 | Missing Authorization vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. | 5.4 |
| 2024-10-18 | CVE-2024-10079 | Deserialization of Untrusted Data vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. | 8.8 |
| 2024-10-18 | CVE-2024-10080 | Cross-site Scripting vulnerability in Newsignature WP Easy Post Types The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |