Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-08 | CVE-2024-47594 | Cross-site Scripting vulnerability in SAP NetWeaver Enterprise Portal 7.50. SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. | 5.4 |
2024-10-08 | CVE-2024-8925 | Unspecified vulnerability in PHP-FPM. In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. | 5.3 |
2024-10-08 | CVE-2024-8926 | OS Command Injection vulnerability in PHP-FPM. In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | 8.8 |
2024-10-08 | CVE-2024-8927 | Unspecified vulnerability in PHP-FPM. In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. | 7.5 |
2024-10-08 | CVE-2024-9026 | Unspecified vulnerability in PHP-FPM. In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through `catch_workers_output = yes`, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. | 3.3 |
2024-10-07 | CVE-2024-47781 | Cross-site Scripting vulnerability in Miraheze CreateWiki 20220402. CreateWiki is an extension used at Miraheze for requesting & creating wikis. | 6.1 |
2024-10-07 | CVE-2024-47782 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Miraheze WikiDiscover 20240208. WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. | 5.4 |
2024-10-07 | CVE-2024-43362 | Cross-site Scripting vulnerability in Cacti. Cacti is an open source performance and fault management framework. | 5.4 |
2024-10-07 | CVE-2024-43363 | Code Injection vulnerability in Cacti. Cacti is an open source performance and fault management framework. | 7.2 |
2024-10-07 | CVE-2024-43364 | Cross-site Scripting vulnerability in Cacti. Cacti is an open source performance and fault management framework. | 8.2 |