Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-46489 | Code Injection vulnerability in Ferrislucas Promptr 6.0.7 A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | 8.8 |
| 2024-09-25 | CVE-2024-46655 | Cross-site Scripting vulnerability in Ellevo 6.2.0.38160 A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | 6.1 |
| 2024-09-25 | CVE-2024-47082 | Cross-Site Request Forgery (CSRF) vulnerability in Strawberryrocks Strawberry Strawberry GraphQL is a library for creating GraphQL APIs. | 8.0 |
| 2024-09-25 | CVE-2024-47305 | Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki USE ANY Font Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08. | 8.8 |
| 2024-09-25 | CVE-2024-47315 | Cross-Site Request Forgery (CSRF) vulnerability in Givewp Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1. | 8.8 |
| 2024-09-25 | CVE-2024-20414 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration changes through the HTTP GET method. | 6.5 |
| 2024-09-25 | CVE-2024-20433 | Out-of-bounds Write vulnerability in Cisco IOS A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to a buffer overflow when processing crafted RSVP packets. | 7.5 |
| 2024-09-25 | CVE-2024-20434 | Integer Overflow or Wraparound vulnerability in Cisco IOS XE A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. | 4.3 |
| 2024-09-25 | CVE-2024-20436 | NULL Pointer Dereference vulnerability in Cisco IOS XE A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. | 7.5 |
| 2024-09-25 | CVE-2024-20437 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOS XE A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |