Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-30 | CVE-2024-9885 | The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-10-30 | CVE-2024-9886 | The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-10-30 | CVE-2024-10505 | Code Injection vulnerability in Wuzhicms 4.1.0: A vulnerability was found in wuzhicms 4.1.0. | 7.2 |
2024-10-30 | CVE-2024-10500 | SQL Injection vulnerability in Esafenet CDG 5: A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. | 8.8 |
2024-10-30 | CVE-2024-10501 | SQL Injection vulnerability in Esafenet CDG 5: A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. | 8.8 |
2024-10-30 | CVE-2024-10502 | SQL Injection vulnerability in Esafenet CDG 5: A vulnerability has been found in ESAFENET CDG 5 and classified as critical. | 8.8 |
2024-10-30 | CVE-2024-10503 | Cross-site Scripting vulnerability in Klokantech Maptiler Tileserver GL 2.3.1: A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. | 6.1 |
2024-10-29 | CVE-2024-50348 | Cross-site Scripting vulnerability in Instantcms: InstantCMS is a free and open source content management system. | 5.4 |
2024-10-29 | CVE-2024-51378 | OS Command Injection vulnerability in Cyberpanel: getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
2024-10-29 | CVE-2024-51567 | Missing Authentication for Critical Function vulnerability in Cyberpanel: upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |