Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-6400 Cleartext Storage of Sensitive Information vulnerability in Finrota
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
network
low complexity
finrota CWE-312
7.5
7.5
2024-10-04 CVE-2024-9071 Cross-site Scripting vulnerability in Sigmadevs Easy Demo Importer
The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping.
network
low complexity
sigmadevs CWE-79
5.4
5.4
2024-10-04 CVE-2024-9271 Cross-site Scripting vulnerability in Remilia Re:Wp
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping.
network
low complexity
remilia CWE-79
5.4
5.4
2024-10-04 CVE-2024-6444 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
low complexity
zephyrproject CWE-787
6.5
6.5
2024-10-04 CVE-2024-9306 Cross-site Scripting vulnerability in Wpbookingcalendar WP Booking Calendar
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping.
network
low complexity
wpbookingcalendar CWE-79
4.8
4.8
2024-10-04 CVE-2024-9435 Cross-site Scripting vulnerability in Plainware Shiftcontroller
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping.
network
low complexity
plainware CWE-79
6.1
6.1
2024-10-04 CVE-2024-47854 Cross-site Scripting vulnerability in Veritas Data Insight
An XSS vulnerability was discovered in Veritas Data Insight before 7.1.
network
low complexity
veritas CWE-79
6.1
6.1
2024-10-04 CVE-2024-6442 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01
In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
low complexity
zephyrproject CWE-787
6.5
6.5
2024-10-04 CVE-2024-6443 Out-of-bounds Write vulnerability in Zephyrproject Zephyr 3.2.01
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
low complexity
zephyrproject CWE-787
6.5
6.5
2024-10-04 CVE-2024-8804 Cross-site Scripting vulnerability in Davidartiss Code Embed
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality.
network
low complexity
davidartiss CWE-79
5.4
5.4