Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-45148 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. | 8.8 |
| 2024-10-10 | CVE-2024-45149 | Unspecified vulnerability in Adobe Commerce and Magento Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 4.3 |
| 2024-10-10 | CVE-2024-8977 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. | 8.1 |
| 2024-10-10 | CVE-2024-9596 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. | 5.3 |
| 2024-10-10 | CVE-2024-9623 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. | 6.5 |
| 2024-10-10 | CVE-2024-6747 | Information Exposure vulnerability in Checkmk 2.1.0/2.2.0 Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data | 7.5 |
| 2024-10-10 | CVE-2024-7049 | Unspecified vulnerability in Openwebui Open Webui 0.3.8 In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. | 5.4 |
| 2024-10-10 | CVE-2024-9796 | SQL Injection vulnerability in Internet-Formation Wp-Advanced-Search The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | 9.8 |
| 2024-10-10 | CVE-2024-9780 | Missing Initialization of Resource vulnerability in Wireshark 4.4.0 ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file | 5.5 |
| 2024-10-10 | CVE-2024-9156 | SQL Injection vulnerability in Templateinvaders TI Woocommerce Wishlist The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |