Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-47804 | Unspecified vulnerability in Jenkins If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. | 4.3 |
| 2024-10-02 | CVE-2024-47805 | Insufficiently Protected Credentials vulnerability in Jenkins Credentials Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | 7.5 |
| 2024-10-02 | CVE-2024-44193 | Unspecified vulnerability in Apple Itunes A logic issue was addressed with improved restrictions. | 7.8 |
| 2024-10-02 | CVE-2024-9429 | SQL Injection vulnerability in Code-Projects Restaurant Reservation System 1.0 A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. | 9.8 |
| 2024-10-02 | CVE-2024-35294 | An unauthenticated remote attacker may use the devices traffic capture without authentication to grab plaintext administrative credentials. | 6.5 |
| 2024-10-02 | CVE-2024-35293 | An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS. | 9.1 |
| 2024-10-02 | CVE-2024-8282 | Cross-site Scripting vulnerability in Vowelweb Ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-02 | CVE-2024-8505 | Cross-site Scripting vulnerability in Connekthq Ajax Load More The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-02 | CVE-2024-9218 | Cross-site Scripting vulnerability in Themegrill Magazine Blocks The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. | 6.1 |
| 2024-10-02 | CVE-2024-9344 | Cross-site Scripting vulnerability in Berqier Berqwp The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. | 6.1 |