Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-9997 | Out-of-bounds Write vulnerability in Autodesk products A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. | 7.8 |
| 2024-10-29 | CVE-2024-50455 | Missing Authorization vulnerability in Seopress 6.9 Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | 8.8 |
| 2024-10-29 | CVE-2024-50456 | Missing Authorization vulnerability in Seopress 6.9 Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | 8.8 |
| 2024-10-29 | CVE-2024-8587 | Out-of-bounds Write vulnerability in Autodesk products A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. | 7.8 |
| 2024-10-29 | CVE-2024-10491 | Unspecified vulnerability in Openjsf Express A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. | 5.3 |
| 2024-10-29 | CVE-2024-50459 | Missing Authorization vulnerability in Hmplugin Aidwp Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | 9.8 |
| 2024-10-29 | CVE-2024-50466 | Cross-Site Request Forgery (CSRF) vulnerability in Darkmysite Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | 8.8 |
| 2024-10-29 | CVE-2024-8924 | SQL Injection vulnerability in Servicenow Vancouver/Xanadu ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. | 7.5 |
| 2024-10-29 | CVE-2024-9988 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |
| 2024-10-29 | CVE-2024-9989 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. | 9.8 |