Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-26 | CVE-2024-47171 | Path Traversal vulnerability in Agnai Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. | 4.3 |
| 2024-09-26 | CVE-2024-43191 | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | 7.2 |
| 2024-09-26 | CVE-2024-7259 | A flaw was found in oVirt. | 4.4 |
| 2024-09-26 | CVE-2024-8771 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. | 4.3 |
| 2024-09-26 | CVE-2023-46175 | IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. network high complexity | 4.4 |
| 2024-09-26 | CVE-2024-9177 | Cross-site Scripting vulnerability in Themedy Toolbox The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-26 | CVE-2024-7107 | Files or Directories Accessible to External Parties vulnerability in Nationalkeep Cybermath 1.4 Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253. | 7.5 |
| 2024-09-26 | CVE-2024-7108 | Incorrect Authorization vulnerability in Nationalkeep Cybermath 1.4 Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CyberMath: before CYBM.240816253. | 9.8 |
| 2024-09-26 | CVE-2024-8633 | Cross-site Scripting vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-09-26 | CVE-2024-8126 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedfilemanager Advanced File Manager The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. | 8.8 |