Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-08 | CVE-2024-9841 | Cross-site Scripting vulnerability in Microfocus Arcsight Management Center and Arcsight Platform A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. | 6.1 |
| 2024-11-08 | CVE-2024-25431 | Out-of-bounds Read vulnerability in Bytecodealliance Webassembly Micro Runtime An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | 7.8 |
| 2024-11-08 | CVE-2024-45763 | OS Command Injection vulnerability in Dell Enterprise Sonic Distribution Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. | 7.2 |
| 2024-11-08 | CVE-2024-50634 | Unspecified vulnerability in Sbond Watcharr A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. | 8.8 |
| 2024-11-08 | CVE-2024-45764 | Unspecified vulnerability in Dell Enterprise Sonic Distribution Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. | 9.8 |
| 2024-11-08 | CVE-2024-45765 | OS Command Injection vulnerability in Dell Enterprise Sonic Distribution Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. | 7.2 |
| 2024-11-08 | CVE-2024-46948 | Unspecified vulnerability in Northern.Tech Mender 3.2.0/3.2.1/3.2.2 Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | 4.3 |
| 2024-11-08 | CVE-2024-10325 | Cross-site Scripting vulnerability in Brainstormforce Elementor Header & Footer Builder The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-08 | CVE-2024-10839 | XXE vulnerability in Zohocorp Manageengine Sharepoint Manager Plus Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option. | 8.1 |
| 2024-11-08 | CVE-2024-10187 | Cross-site Scripting vulnerability in Mycred The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |