Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-13 | CVE-2024-37398 | Unspecified vulnerability in Ivanti Secure Access Client Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 7.8 |
| 2024-11-13 | CVE-2024-8874 | The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. | 6.1 |
| 2024-11-13 | CVE-2024-8985 | The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-11-13 | CVE-2024-9614 | The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. | 6.1 |
| 2024-11-12 | CVE-2024-28729 | Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. | 9.8 |
| 2024-11-12 | CVE-2024-28730 | Cross-site Scripting vulnerability in Dlink Dwr-2000M Firmware 1.34Me Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. | 5.4 |
| 2024-11-12 | CVE-2024-28731 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-2000M Firmware 1.34Me Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. | 4.3 |
| 2024-11-12 | CVE-2024-49507 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-11-12 | CVE-2024-49508 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-11-12 | CVE-2024-49509 | Out-of-bounds Write vulnerability in Adobe Indesign InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |