Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-26 | CVE-2024-47145 | Unspecified vulnerability in Mattermost Server Mattermost versions 9.5.x <= 9.5.8 fail to properly authorize access to archived channels when viewing archived channels is disabled, which allows an attacker to view posts and files of archived channels via file links. | 4.3 |
2024-09-26 | CVE-2024-47197 | Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's ~/.m2/settings.xml file, which often contains information they do not want to publish. | 7.5 |
2024-09-26 | CVE-2024-8861 | Cross-site Scripting vulnerability in Metagauss Profilegrid The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. | 5.4 |
2024-09-26 | CVE-2024-4278 | Unspecified vulnerability in Gitlab An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. | 2.7 |
2024-09-26 | CVE-2024-0132 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. | 8.3 |
2024-09-26 | CVE-2024-0133 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Nvidia Container Toolkit and Nvidia GPU Operator NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. | 3.4 |
2024-09-26 | CVE-2024-6517 | Cross-site Scripting vulnerability in Dotsquares Contact Form 7 Math Captcha The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. | 6.1 |
2024-09-26 | CVE-2024-45372 | Cross-Site Request Forgery (CSRF) vulnerability in Planex Mzk-Dp300N Firmware MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. | 6.5 |
2024-09-26 | CVE-2024-45836 | Cross-site Scripting vulnerability in Planex products Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. | 6.1 |
2024-09-26 | CVE-2024-7772 | Unrestricted Upload of File with Dangerous Type vulnerability in Artbees Jupiter X Core The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. | 9.8 |