Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-04 | CVE-2024-9384 | Cross-site Scripting vulnerability in Wpfactory Quantity Dynamic Pricing & Bulk Discounts for Woocommerce The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. | 6.1 |
| 2024-10-04 | CVE-2024-9421 | Cross-site Scripting vulnerability in Prontotools Login Logout Shortcode The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-04 | CVE-2024-9445 | Cross-site Scripting vulnerability in Acekyd Display Medium Posts The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-04 | CVE-2024-44204 | Unspecified vulnerability in Apple Iphone OS A logic issue was addressed with improved validation. | 5.5 |
| 2024-10-04 | CVE-2024-44207 | Unspecified vulnerability in Apple Iphone OS This issue was addressed with improved checks. | 4.3 |
| 2024-10-03 | CVE-2024-42417 | SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. | 8.8 |
| 2024-10-03 | CVE-2024-43699 | SQL Injection vulnerability in Deltaww Diaenergie Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. | 9.8 |
| 2024-10-03 | CVE-2024-41587 | Cross-site Scripting vulnerability in Draytek products Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. | 5.4 |
| 2024-10-03 | CVE-2024-41591 | Cross-site Scripting vulnerability in Draytek products DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. | 6.1 |
| 2024-10-03 | CVE-2024-41593 | Out-of-bounds Write vulnerability in Draytek products DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow. | 9.8 |