Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-9865 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
2024-10-24 CVE-2024-9374 The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6.
network
low complexity
6.1
2024-10-23 CVE-2023-50355 Information Exposure Through an Error Message vulnerability in Hcltech Sametime 11.6/12.0/12.0.2
HCL Sametime is impacted by error messages that contain sensitive information.
network
low complexity
hcltech CWE-209
5.3
2024-10-23 CVE-2024-48213 Path Traversal vulnerability in Rockoa Xinhu 2.6.5
RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.
network
low complexity
rockoa CWE-22
4.3
2024-10-23 CVE-2024-10300 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10301 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability, which was classified as critical, was found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10298 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-10299 SQL Injection vulnerability in PHPgurukul Medical Card Generation System 1.0
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0.
network
low complexity
phpgurukul CWE-89
7.2
2024-10-23 CVE-2024-48963 OS Command Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project.
network
low complexity
snyk CWE-78
critical
9.8
2024-10-23 CVE-2024-48964 Code Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project.
network
low complexity
snyk CWE-94
8.8