Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-13 | CVE-2024-7133 | Cross-site Scripting vulnerability in Premio MY Sticky BAR: The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks. | 4.8 |
2024-09-13 | CVE-2024-7863 | Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator: The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server. | 6.8 |
2024-09-13 | CVE-2024-7864 | Cross-Site Request Forgery (CSRF) vulnerability in Pixeljar Favicon Generator: The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server. | 6.5 |
2024-09-13 | CVE-2024-8656 | Cross-site Scripting vulnerability in Wpfactory Helper: The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. | 6.1 |
2024-09-13 | CVE-2024-43180 | Cleartext Transmission of Sensitive Information vulnerability in IBM Concert 1.0: IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2024-09-13 | CVE-2024-8762 | SQL Injection vulnerability in Code-Projects Crud Operation System 1.0: A vulnerability was found in code-projects Crud Operation System 1.0. | 9.8 |
2024-09-12 | CVE-2024-7960 | Unspecified vulnerability in Rockwellautomation Pavilion8 5.20: The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. | 9.1 |
2024-09-12 | CVE-2024-7961 | Path Traversal vulnerability in Rockwellautomation Pavilion8 5.20: A path traversal vulnerability exists in the Rockwell Automation affected product. | 9.8 |
2024-09-12 | CVE-2024-20430 | Uncontrolled Search Path Element vulnerability in Cisco Meraki Systems Manager: A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. | 7.3 |
2024-09-12 | CVE-2024-44459 | Allocation of Resources Without Limits or Throttling vulnerability in Octavolabs Vernemq 2.0.1: A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | 7.5 |