Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9985 | Unrestricted Upload of File with Dangerous Type vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. | 9.8 |
| 2024-10-15 | CVE-2024-9837 | The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. | 7.3 |
| 2024-10-15 | CVE-2024-9980 | SQL Injection vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. | 8.8 |
| 2024-10-15 | CVE-2024-9981 | Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | 8.8 |
| 2024-10-15 | CVE-2024-9982 | AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. | 9.8 |
| 2024-10-15 | CVE-2024-46898 | Path Traversal vulnerability in Ss-Proj Shirasagi SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. | 7.5 |
| 2024-10-15 | CVE-2024-9972 | Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 |
| 2024-10-15 | CVE-2024-0129 | Path Traversal vulnerability in Nvidia Nemo NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. | 7.8 |
| 2024-10-15 | CVE-2024-9944 | Cross-site Scripting vulnerability in Woocommerce The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. | 6.1 |
| 2024-10-15 | CVE-2024-21535 | Cross-site Scripting vulnerability in Quantizor Markdown-To-Jsx Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. | 6.1 |