Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-23 | CVE-2024-9829 | Missing Authorization vulnerability in Metagauss Download Plugin: The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. | 6.5 |
2024-10-23 | CVE-2024-31880 | Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | 6.5 |
2024-10-23 | CVE-2024-9927 | Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal: The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. | 7.2 |
2024-10-22 | CVE-2024-7587 | Incorrect Default Permissions vulnerability in multiple products: Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64. | 7.8 |
2024-10-22 | CVE-2024-10229 | Unspecified vulnerability in Google Chrome: Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 8.1 |
2024-10-22 | CVE-2024-10230 | Type Confusion vulnerability in Google Chrome: Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-10-22 | CVE-2024-10231 | Type Confusion vulnerability in Google Chrome: Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-10-22 | CVE-2024-40493 | NULL Pointer Dereference vulnerability in Keith-Cullen Freecoap 1.0: Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`. | 9.8 |
2024-10-22 | CVE-2024-44812 | SQL Injection vulnerability in Janobe Online Complaint Site 1.0: SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | 9.8 |
2024-10-22 | CVE-2024-48415 | Cross-site Scripting vulnerability in Razormist Loan Management System 1.0: itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. | 5.0 |