Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-45335 | Unspecified vulnerability in Trendmicro Antivirus ONE Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection. | 5.5 |
| 2024-10-22 | CVE-2024-46902 | SQL Injection vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7 A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability. | 9.1 |
| 2024-10-22 | CVE-2024-46903 | Unspecified vulnerability in Trendmicro Deep Discovery Inspector 6.6/6.7 A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 6.5 |
| 2024-10-22 | CVE-2024-45518 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. | 8.8 |
| 2024-10-22 | CVE-2024-46538 | Cross-site Scripting vulnerability in Netgate Pfsense 2.5.2 A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | 4.8 |
| 2024-10-22 | CVE-2024-48570 | SQL Injection vulnerability in PHPgurukul Client Management System 1.0 Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. | 7.5 |
| 2024-10-22 | CVE-2024-48706 | Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | 5.4 |
| 2024-10-22 | CVE-2024-48707 | Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. | 5.4 |
| 2024-10-22 | CVE-2024-48708 | Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. | 5.4 |
| 2024-10-22 | CVE-2024-49208 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. | 3.1 |