Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-31 CVE-2024-10596 SQL Injection vulnerability in Esafenet CDG 5
A vulnerability was found in ESAFENET CDG 5.
network
low complexity
esafenet CWE-89
8.8
2024-10-31 CVE-2024-10597 SQL Injection vulnerability in Esafenet CDG 5
A vulnerability classified as critical has been found in ESAFENET CDG 5.
network
low complexity
esafenet CWE-89
critical
9.8
2024-10-31 CVE-2024-8553 A vulnerability was found in Foreman's loader macros introduced with report templates.
network
low complexity
CWE-200
6.3
2024-10-31 CVE-2024-43383 Deserialization of Untrusted Data vulnerability in Apache Lucene.Net 4.8.0
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type.
network
high complexity
apache CWE-502
8.1
2024-10-31 CVE-2024-49685 Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Custom Twitter Feeds
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery. This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3.
network
low complexity
smashballoon CWE-352
8.8
2024-10-31 CVE-2024-9165 The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
2024-10-31 CVE-2024-9430 The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0.
network
low complexity
CWE-306
5.3
2024-10-31 CVE-2024-9434 The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0.
network
low complexity
6.1
2024-10-31 CVE-2024-9446 The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
2024-10-31 CVE-2024-10392 The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89.
network
low complexity
CWE-434
critical
9.8