Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-8726 The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3.
network
low complexity
CWE-79
6.1
2024-11-20 CVE-2024-9239 The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3.
network
low complexity
CWE-79
6.1
2024-11-20 CVE-2024-9653 The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-11-20 CVE-2024-11278 The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2.
network
low complexity
6.1
2024-11-19 CVE-2024-11400 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
2024-11-19 CVE-2024-37070 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
network
low complexity
CWE-359
4.3
2024-11-19 CVE-2024-52360 IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection.
network
low complexity
7.6
2024-11-19 CVE-2024-52714 Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.06.50Multi
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.
network
low complexity
tenda CWE-120
critical
9.8
2024-11-19 CVE-2024-52759 Classic Buffer Overflow vulnerability in Dlink Di-8003 Firmware 16.07.16A1
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.
network
low complexity
dlink CWE-120
critical
9.8
2024-11-19 CVE-2024-53050 In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in hdcp2_get_capability Add encoder check in intel_hdcp2_get_capability to avoid null pointer error.
local
low complexity
CWE-476
5.5