Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9925 | SQL Injection vulnerability in Taismartfactory Qplant SF 1.0 SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-9983 | Path Traversal vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 7.5 |
| 2024-10-15 | CVE-2024-9984 | Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | 9.8 |
| 2024-10-15 | CVE-2024-9985 | Unrestricted Upload of File with Dangerous Type vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. | 9.8 |
| 2024-10-15 | CVE-2024-9837 | The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. | 7.3 |
| 2024-10-15 | CVE-2024-9980 | SQL Injection vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. | 8.8 |
| 2024-10-15 | CVE-2024-9981 | Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | 8.8 |
| 2024-10-15 | CVE-2024-9982 | AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. | 9.8 |
| 2024-10-15 | CVE-2024-46898 | Path Traversal vulnerability in Ss-Proj Shirasagi SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. | 7.5 |
| 2024-10-15 | CVE-2024-0129 | Path Traversal vulnerability in Nvidia Nemo NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. | 7.8 |