Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-8985 | The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-11-13 | CVE-2024-9614 | The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. | 6.1 |
| 2024-11-12 | CVE-2024-28729 | Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | 9.8 |
| 2024-11-12 | CVE-2024-28730 | Cross-site Scripting vulnerability in Dlink Dwr-2000M Firmware 1.34Me Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | 5.4 |
| 2024-11-12 | CVE-2024-28731 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-2000M Firmware 1.34Me Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. | 4.3 |
| 2024-11-12 | CVE-2024-11110 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. | 6.5 |
| 2024-11-12 | CVE-2024-11111 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. | 4.3 |
| 2024-11-12 | CVE-2024-11112 | Use After Free vulnerability in Google Chrome Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-11-12 | CVE-2024-11113 | Use After Free vulnerability in Google Chrome Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-11-12 | CVE-2024-11114 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 8.3 |