Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9973 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-9974 | SQL Injection vulnerability in Oretnom23 Online Eyewear Shop 1.0 A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-9895 | Cross-site Scripting vulnerability in Zaytech Smart Online Order for Clover The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-10-15 | CVE-2024-9925 | SQL Injection vulnerability in Taismartfactory Qplant SF 1.0 SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. | 9.8 |
| 2024-10-15 | CVE-2024-9983 | Path Traversal vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 7.5 |
| 2024-10-15 | CVE-2024-9984 | Missing Authentication for Critical Function vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | 9.8 |
| 2024-10-15 | CVE-2024-9985 | Unrestricted Upload of File with Dangerous Type vulnerability in Ragic Enterprise Cloud Database Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. | 9.8 |
| 2024-10-15 | CVE-2024-9837 | The The AADMY – Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. | 7.3 |
| 2024-10-15 | CVE-2024-9980 | SQL Injection vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read, modify and delete database contents. | 8.8 |
| 2024-10-15 | CVE-2024-9981 | Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | 8.8 |