Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-13 CVE-2024-9908 Classic Buffer Overflow vulnerability in Dlink Dir-619L Firmware 2.06B1
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06.
network
low complexity
dlink CWE-120
8.8
8.8
2024-10-13 CVE-2024-9906 Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0.
network
low complexity
oretnom23 CWE-79
5.4
5.4
2024-10-13 CVE-2024-9905 SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0
A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0.
network
low complexity
oretnom23 CWE-89
8.8
8.8
2024-10-12 CVE-2024-9894 SQL Injection vulnerability in Blood Bank System Project Blood Bank System 1.0
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0.
network
low complexity
blood-bank-system-project CWE-89
8.8
8.8
2024-10-12 CVE-2024-8757 The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.2
7.2
2024-10-12 CVE-2024-8760 The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6.
network
low complexity
CWE-94
5.3
5.3
2024-10-12 CVE-2024-8915 The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-12 CVE-2024-9595 The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2024-10-12 CVE-2024-9696 The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-10-12 CVE-2024-9047 The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php.
network
low complexity
CWE-22
critical
 9.8
9.8