Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-15 | CVE-2024-9982 | AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. | 9.8 |
2024-10-15 | CVE-2024-46898 | Path Traversal vulnerability in Ss-Proj Shirasagi SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. | 7.5 |
2024-10-15 | CVE-2024-0129 | Path Traversal vulnerability in Nvidia Nemo NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. | 7.8 |
2024-10-15 | CVE-2024-9944 | Cross-site Scripting vulnerability in Woocommerce The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. | 6.1 |
2024-10-15 | CVE-2024-21535 | Cross-site Scripting vulnerability in Quantizor Markdown-To-Jsx Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. | 6.1 |
2024-10-15 | CVE-2024-9969 | Cross-site Scripting vulnerability in Newtype Webeip 3.0 NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. | 5.4 |
2024-10-15 | CVE-2024-9970 | Unspecified vulnerability in Newtype Flowmaster BPM Plus The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. | 8.8 |
2024-10-15 | CVE-2024-9971 | SQL Injection vulnerability in Newtype Flowmaster BPM Plus The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | 8.8 |
2024-10-15 | CVE-2024-9968 | SQL Injection vulnerability in Newtype Webeip 3.0 WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. | 8.8 |
2024-10-15 | CVE-2024-6757 | Unspecified vulnerability in Elementor Website Builder The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. | 4.3 |