| 2024-10-08 | CVE-2024-8215 | Cross-site Scripting vulnerability in Payara
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | 8.4 |
| 2024-10-08 | CVE-2024-33506 | Unspecified vulnerability in Fortinet Fortimanager
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests. | 4.3 |
| 2024-10-08 | CVE-2024-45330 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortianalyzer Cloud
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | 7.2 |
| 2024-10-08 | CVE-2024-8431 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. | 4.3 |
| 2024-10-08 | CVE-2024-8482 | Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-08 | CVE-2024-9207 | The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. | 6.1 |
| 2024-10-08 | CVE-2024-8422 | Use After Free vulnerability in Schneider-Electric Zelio Soft 2
CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | 7.8 |
| 2024-10-08 | CVE-2024-8433 | The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. | 6.4 |
| 2024-10-08 | CVE-2024-8629 | The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. | 6.1 |
| 2024-10-08 | CVE-2022-4534 | The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. | 5.3 |