Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-04 | CVE-2024-47654 | Unspecified vulnerability in Shilpisoft Client Dashboard: This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. | 7.5 |
2024-10-04 | CVE-2024-47655 | Unrestricted Upload of File with Dangerous Type vulnerability in Shilpisoft Client Dashboard: This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. | 8.8 |
2024-10-04 | CVE-2024-47656 | Improper Restriction of Excessive Authentication Attempts vulnerability in Shilpisoft Client Dashboard: This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. | 9.8 |
2024-10-04 | CVE-2024-47657 | Authorization Bypass Through User-Controlled Key vulnerability in Shilpisoft NET Back Office: This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. | 6.5 |
2024-10-04 | CVE-2024-8499 | Cross-site Scripting vulnerability in Themehigh Checkout Field Editor: The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-04 | CVE-2024-9481 | Out-of-bounds Write vulnerability in multiple products: An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed eml file to crash the application during file processing. | 5.5 |
2024-10-04 | CVE-2024-9482 | Out-of-bounds Write vulnerability in multiple products: An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed Mach-O file to crash the application during file processing. | 5.5 |
2024-10-04 | CVE-2024-9483 | NULL Pointer Dereference vulnerability in multiple products: A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS may allow a malformed xar file to crash the application during processing. | 5.5 |
2024-10-04 | CVE-2024-9484 | NULL Pointer Dereference vulnerability in multiple products: A null-pointer-dereference in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on macOS allows a malformed xar file to crash the application during file processing. | 5.5 |
2024-10-04 | CVE-2024-9513 | Information Exposure Through Discrepancy vulnerability in Netadmin IAM: A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. | 3.7 |