Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-15 | CVE-2024-9687 | Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram: The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. | 8.8 |
2024-10-15 | CVE-2024-9820 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Dueclic WP 2FA With Telegram: The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. | 7.5 |
2024-10-15 | CVE-2024-9952 | Cross-site Scripting vulnerability in Oretnom23 Online Eyewear Shop 1.0: A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. | 4.8 |
2024-10-15 | CVE-2024-9546 | Unspecified vulnerability in Xplodedthemes Wpide: The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. | 5.3 |
2024-10-15 | CVE-2024-9548 | Cross-site Scripting vulnerability in Wp-Slimstat Slimstat Analytics: The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. | 6.1 |
2024-10-14 | CVE-2024-30117 | Uncontrolled Search Path Element vulnerability in Hcltech Bigfix Platform: A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | 5.3 |
2024-10-14 | CVE-2024-35518 | Command Injection vulnerability in Netgear Ex6120 Firmware: Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | 6.8 |
2024-10-14 | CVE-2024-35519 | Command Injection vulnerability in Netgear Ex3700 Firmware, Ex6100 Firmware and Ex6120 Firmware: Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | 6.8 |
2024-10-14 | CVE-2024-35520 | Command Injection vulnerability in Netgear R7000 Firmware 1.0.11.136: Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. | 6.8 |
2024-10-14 | CVE-2024-9953 | Deserialization of Untrusted Data vulnerability in Cert Vince: A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. | 4.9 |