Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-26 | CVE-2024-47330 | Missing Authorization vulnerability in Supsystic Slider and Social Share Buttons Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9. | 8.8 |
2024-09-26 | CVE-2024-8552 | Missing Authorization vulnerability in Wpchill Download Monitor The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. | 4.3 |
2024-09-26 | CVE-2024-8723 | Cross-site Scripting vulnerability in Wangbin 012 PS Multi Languages The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. | 5.4 |
2024-09-26 | CVE-2024-8803 | Cross-site Scripting vulnerability in Madfishdigital Bulk Noindex & Nofollow Toolkit The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. | 6.1 |
2024-09-26 | CVE-2024-8404 | Link Following vulnerability in Papercut NG An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
2024-09-26 | CVE-2024-8405 | Command Injection vulnerability in Papercut NG An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. | 5.5 |
2024-09-25 | CVE-2024-47083 | Information Exposure Through Log Files vulnerability in Microsoft Power Platform Terraform Provider Power Platform Terraform Provider allows managing environments and other resources within Power Platform. | 7.5 |
2024-09-25 | CVE-2023-51157 | Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3 Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter. | 5.4 |
2024-09-25 | CVE-2024-46488 | Out-of-bounds Write vulnerability in Asg017 Sqlite-Vec 0.1.1 sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. | 5.5 |
2024-09-25 | CVE-2024-46489 | Code Injection vulnerability in Ferrislucas Promptr 6.0.7 A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. | 8.8 |