Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9982 AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter.
network
low complexity
CWE-89
critical
9.8
2024-10-15 CVE-2024-46898 Path Traversal vulnerability in Ss-Proj Shirasagi
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability.
network
low complexity
ss-proj CWE-22
7.5
2024-10-15 CVE-2024-0129 Path Traversal vulnerability in Nvidia Nemo
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction.
local
low complexity
nvidia CWE-22
7.8
2024-10-15 CVE-2024-9944 Cross-site Scripting vulnerability in Woocommerce
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2.
network
low complexity
woocommerce CWE-79
6.1
2024-10-15 CVE-2024-21535 Cross-site Scripting vulnerability in Quantizor Markdown-To-Jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization.
network
low complexity
quantizor CWE-79
6.1
2024-10-15 CVE-2024-9969 Cross-site Scripting vulnerability in Newtype Webeip 3.0
NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack.
network
low complexity
newtype CWE-79
5.4
2024-10-15 CVE-2024-9970 Unspecified vulnerability in Newtype Flowmaster BPM Plus
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability.
network
low complexity
newtype
8.8
2024-10-15 CVE-2024-9971 SQL Injection vulnerability in Newtype Flowmaster BPM Plus
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
network
low complexity
newtype CWE-89
8.8
2024-10-15 CVE-2024-9968 SQL Injection vulnerability in Newtype Webeip 3.0
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database.
network
low complexity
newtype CWE-89
8.8
2024-10-15 CVE-2024-6757 Unspecified vulnerability in Elementor Website Builder
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function.
network
low complexity
elementor
4.3