Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-9829 Missing Authorization vulnerability in Metagauss Download Plugin
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.
network | low complexity | metagauss | CWE-862 | 6.5

2024-10-23 CVE-2024-31880 Allocation of Resources Without Limits or Throttling vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
network | low complexity | ibm | CWE-770 | 6.5

2024-10-23 CVE-2024-9927 Improper Authentication vulnerability in Wpovernight Woocommerce Order Proposal
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5.
network | low complexity | wpovernight | CWE-287 | 7.2

2024-10-22 CVE-2024-7587 Incorrect Default Permissions vulnerability in multiple products
Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for ICONICS GENESIS64 version 10.97.3 and prior, Mitsubishi Electric GENESIS64 version 10.97.3 and prior and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64 or MC Works64.
local | low complexity | iconics, mitsubishielectric | CWE-276 | 7.8

2024-10-22 CVE-2024-10229 Unspecified vulnerability in Google Chrome
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
network | low complexity | google | 8.1

2024-10-22 CVE-2024-10230 Type Confusion vulnerability in Google Chrome
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network | low complexity | google | CWE-843 | 8.8

2024-10-22 CVE-2024-10231 Type Confusion vulnerability in Google Chrome
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network | low complexity | google | CWE-843 | 8.8

2024-10-22 CVE-2024-40493 NULL Pointer Dereference vulnerability in Keith-Cullen Freecoap 1.0
Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`.
network | low complexity | keith-cullen | CWE-476 | critical | 9.8

2024-10-22 CVE-2024-44812 SQL Injection vulnerability in Janobe Online Complaint Site 1.0
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
network | low complexity | janobe | CWE-89 | critical | 9.8

2024-10-22 CVE-2024-48415 Cross-site Scripting vulnerability in Razormist Loan Management System 1.0
itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.
local | low complexity | razormist | CWE-79 | 5.0