Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-10655 SQL Injection vulnerability in Tongda2000 Office Anywhere 2017
A vulnerability was found in Tongda OA 2017 up to 11.9.
network
low complexity
tongda2000 CWE-89
critical
9.8
2024-11-01 CVE-2024-37094 Unspecified vulnerability in Stylemixthemes Masterstudy LMS
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.
network
low complexity
stylemixthemes
critical
9.8
2024-11-01 CVE-2024-7456 SQL Injection vulnerability in Lunary 1.4.2
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2.
network
low complexity
lunary CWE-89
critical
9.8
2024-11-01 CVE-2024-10367 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-11-01 CVE-2024-10232 The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-11-01 CVE-2024-10651 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files.
network
low complexity
CWE-36
4.9
2024-11-01 CVE-2024-10652 IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavaScript code and perform Reflected Cross-site scripting attacks.
network
low complexity
CWE-79
6.1
2024-11-01 CVE-2024-7424 The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1.
network
low complexity
CWE-284
5.4
2024-11-01 CVE-2024-9655 Cross-site Scripting vulnerability in Kadencewp Gutenberg Blocks With AI
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
kadencewp CWE-79
5.4
2024-11-01 CVE-2024-10616 SQL Injection vulnerability in Tongda2000 Office Anywhere
A vulnerability classified as critical has been found in Tongda OA up to 11.9.
network
low complexity
tongda2000 CWE-89
critical
9.8