Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-05 CVE-2024-9455 The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-10-05 CVE-2024-47840 Cross-site Scripting vulnerability in Wikimedia Apex
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS. This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
network
low complexity
wikimedia CWE-79
4.8
2024-10-05 CVE-2024-47845 Improper Encoding or Escaping of Output vulnerability in Wikimedia Wikimedia-Extensions-Css
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
network
low complexity
wikimedia CWE-116
8.2
2024-10-05 CVE-2024-47846 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cargo 3.6.0
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
network
low complexity
mediawiki CWE-352
8.8
2024-10-05 CVE-2024-47847 Cross-site Scripting vulnerability in Mediawiki Cargo 3.6.0
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
network
low complexity
mediawiki CWE-79
6.1
2024-10-05 CVE-2024-47849 SQL Injection vulnerability in Mediawiki Cargo 3.6.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection. This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
network
low complexity
mediawiki CWE-89
critical
9.8
2024-10-04 CVE-2024-37868 Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$_FILES" variable.
network
low complexity
emiloimagtolis CWE-434
8.8
2024-10-04 CVE-2024-37869 Unrestricted Upload of File with Dangerous Type vulnerability in Emiloimagtolis Online Discussion Forum 1.0
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable.
network
low complexity
emiloimagtolis CWE-434
8.8
2024-10-04 CVE-2024-43683 Open Redirect vulnerability in Microchip Timeprovider 4100 Firmware
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0.
network
low complexity
microchip CWE-601
6.1
2024-10-04 CVE-2024-43684 Cross-Site Request Forgery (CSRF) vulnerability in Microchip Timeprovider 4100 Firmware
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0.
network
low complexity
microchip CWE-352
8.8