Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8940 | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. | 9.8 |
| 2024-09-25 | CVE-2024-8941 | Path Traversal vulnerability in Scriptcase 9.4.019 Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application. | 5.3 |
| 2024-09-25 | CVE-2024-8942 | Cross-site Scripting vulnerability in Scriptcase 9.4.019 Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. | 8.2 |
| 2024-09-25 | CVE-2024-9120 | Use After Free vulnerability in Google Chrome Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9121 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9122 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9123 | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9148 | Cross-site Scripting vulnerability in Flowiseai Embed and Flowise Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | 6.1 |
| 2024-09-24 | CVE-2022-2439 | The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. | 7.2 |
| 2024-09-24 | CVE-2024-8623 | Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. | 7.3 |