Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-22892 | Inadequate Encryption Strength vulnerability in Openslides 4.0.15 OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. | 7.5 |
| 2024-09-25 | CVE-2024-45613 | Cross-site Scripting vulnerability in Ckeditor Ckeditor5 CKEditor 5 is a JavaScript rich-text editor. | 6.1 |
| 2024-09-25 | CVE-2024-6512 | Incorrect Authorization vulnerability in Devolutions Server Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing intended security restrictions, via the PAM access request approval mechanism. | 6.5 |
| 2024-09-25 | CVE-2024-7575 | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 9.8 |
| 2024-09-25 | CVE-2024-7576 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-09-25 | CVE-2024-7679 | Command Injection vulnerability in Telerik UI for WPF In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | 7.8 |
| 2024-09-25 | CVE-2024-8316 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | 7.8 |
| 2024-09-25 | CVE-2024-8546 | Cross-site Scripting vulnerability in Wpmet Elementskit Elementor Addons The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-6592 | Incorrect Authorization vulnerability in Watchguard Authentication Gateway and Single Sign-On Client Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4. | 9.1 |
| 2024-09-25 | CVE-2024-6593 | Incorrect Authorization vulnerability in Watchguard Authentication Gateway Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2. | 9.1 |