Vulnerabilities

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-10-10 | CVE-2024-9522 | Missing Authentication for Critical Function vulnerability in Lagunaisw WP Users Masquerade | The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. | network, low complexity, lagunaisw, CWE-306, 8.8 |
| 2024-10-10 | CVE-2024-9581 | Code Injection vulnerability in Happyplugins Shortcodes Anywhere | The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. | network, low complexity, happyplugins, CWE-94, 7.3 |
| 2024-10-10 | CVE-2024-9685 | Missing Authorization vulnerability in Andreamarinucci Notification for Telegram | The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. | network, low complexity, andreamarinucci, CWE-862, 4.3 |
| 2024-10-10 | CVE-2024-48949 | Improper Verification of Cryptographic Signature vulnerability in Indutny Elliptic | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) \|\| sig.S().isNeg()" validation. | network, low complexity, indutny, CWE-347, critical, 9.1 |
| 2024-10-10 | CVE-2024-48941 | Unspecified vulnerability in Syracom Secure Login 3.1.1.0 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. | network, low complexity, syracom, 5.4 |
| 2024-10-10 | CVE-2024-48942 | Unspecified vulnerability in Syracom Secure Login 3.1.1.0 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. | network, high complexity, syracom, 5.9 |
| 2024-10-09 | CVE-2024-48933 | Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | network, low complexity, lemonldap-ng, CWE-79, 6.1 |
| 2024-10-09 | CVE-2024-8264 | Information Exposure Through Log Files vulnerability in Fortra Robot Schedule | Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. | local, low complexity, fortra, CWE-532, 5.5 |
| 2024-10-09 | CVE-2024-30118 | Unspecified vulnerability in Hcltech Connections 7.0/8.0 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. | network, low complexity, hcltech, 5.7 |
| 2024-10-09 | CVE-2024-39515 | | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). | network, low complexity, CWE-1288, 7.5 |