Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-47068 Cross-site Scripting vulnerability in Rollupjs Rollup
Rollup is a module bundler for JavaScript.
network
low complexity
rollupjs CWE-79
6.1
6.1
2024-09-23 CVE-2024-47069 Cross-site Scripting vulnerability in Oveleon Cookiebar
Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website.
network
low complexity
oveleon CWE-79
6.1
6.1
2024-09-23 CVE-2024-23922 Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability.
low complexity
sony CWE-345
6.8
6.8
2024-09-23 CVE-2024-23972 Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability.
low complexity
sony CWE-120
6.8
6.8
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
network
low complexity
checkmk CWE-863
8.8
8.8
2024-09-23 CVE-2024-8758 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
expresstech CWE-79
4.8
4.8
2024-09-23 CVE-2024-47227 Cross-site Scripting vulnerability in Iredmail Iredadmin
iRedAdmin before 2.6 allows XSS, e.g., via order_name.
network
low complexity
iredmail CWE-79
6.1
6.1
2024-09-23 CVE-2024-9094 SQL Injection vulnerability in Code-Projects Blood Bank System 1.0
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0.
network
low complexity
code-projects CWE-89
critical
 9.8
9.8
2024-09-23 CVE-2024-9092 Cross-site Scripting vulnerability in Rems Profile Registration Without Reload/Refresh 1.0
A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0.
network
low complexity
rems CWE-79
6.1
6.1
2024-09-23 CVE-2024-9093 SQL Injection vulnerability in Rems Profile Registration Without Reload/Refresh 1.0
A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0.
network
low complexity
rems CWE-89
7.2
7.2