Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-31 | CVE-2024-10598 | Missing Authorization vulnerability in Tongda2000 Office Anywhere A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. | 6.5 |
| 2024-10-31 | CVE-2024-10599 | Allocation of Resources Without Limits or Throttling vulnerability in Tongda2000 Office Anywhere 2017 A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. | 7.5 |
| 2024-10-31 | CVE-2024-6480 | The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
| 2024-10-31 | CVE-2024-10594 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 8.8 |
| 2024-10-31 | CVE-2024-10595 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 9.8 |
| 2024-10-31 | CVE-2024-10596 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 8.8 |
| 2024-10-31 | CVE-2024-10597 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability classified as critical has been found in ESAFENET CDG 5. | 9.8 |
| 2024-10-31 | CVE-2024-8553 | A vulnerability was found in Foreman's loader macros introduced with report templates. | 6.3 |
| 2024-10-31 | CVE-2024-43383 | Deserialization of Untrusted Data vulnerability in Apache Lucene.Net 4.8.0 Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. | 8.1 |
| 2024-10-31 | CVE-2024-49685 | Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Custom Twitter Feeds Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3. | 8.8 |