Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-50852 | Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20 Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. | 8.8 |
| 2024-11-13 | CVE-2024-50853 | Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20 Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. | 8.8 |
| 2024-11-13 | CVE-2024-50854 | Out-of-bounds Write vulnerability in Tendacn G3 Firmware 15.11.0.20 Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. | 8.8 |
| 2024-11-13 | CVE-2024-9477 | Cross-site Scripting vulnerability in Airties Air4443 Firmware Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support. | 6.1 |
| 2024-11-13 | CVE-2024-11159 | Unspecified vulnerability in Mozilla Thunderbird Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. | 4.3 |
| 2024-11-13 | CVE-2024-47574 | Missing Authentication for Critical Function vulnerability in Fortinet Forticlient A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | 7.8 |
| 2024-11-13 | CVE-2024-8001 | Unspecified vulnerability in Viwis Learning Management System 9.11 A vulnerability was found in VIWIS LMS 9.11. | 4.3 |
| 2024-11-13 | CVE-2024-9059 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-11-13 | CVE-2024-9668 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-11-13 | CVE-2024-9682 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |