Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-8404 Link Following vulnerability in Papercut NG
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled.
local
low complexity
papercut CWE-59
7.8
7.8
2024-09-26 CVE-2024-8405 Command Injection vulnerability in Papercut NG
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled.
local
low complexity
papercut CWE-77
5.5
5.5
2024-09-25 CVE-2024-47083 Information Exposure Through Log Files vulnerability in Microsoft Power Platform Terraform Provider
Power Platform Terraform Provider allows managing environments and other resources within Power Platform.
network
low complexity
microsoft CWE-532
7.5
7.5
2024-09-25 CVE-2023-51157 Cross-site Scripting vulnerability in Zkteco Wdms 5.1.3
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
network
low complexity
zkteco CWE-79
5.4
5.4
2024-09-25 CVE-2024-46488 Out-of-bounds Write vulnerability in Asg017 Sqlite-Vec 0.1.1
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function.
local
low complexity
asg017 CWE-787
5.5
5.5
2024-09-25 CVE-2024-46489 Code Injection vulnerability in Ferrislucas Promptr 6.0.7
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
network
low complexity
ferrislucas CWE-94
8.8
8.8
2024-09-25 CVE-2024-46655 Cross-site Scripting vulnerability in Ellevo 6.2.0.38160
A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL.
network
low complexity
ellevo CWE-79
6.1
6.1
2024-09-25 CVE-2024-47082 Cross-Site Request Forgery (CSRF) vulnerability in Strawberryrocks Strawberry
Strawberry GraphQL is a library for creating GraphQL APIs.
network
low complexity
strawberryrocks CWE-352
8.0
8.0
2024-09-25 CVE-2024-47305 Cross-Site Request Forgery (CSRF) vulnerability in Dineshkarki USE ANY Font
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects Use Any Font: from n/a through 6.3.08.
network
low complexity
dineshkarki CWE-352
8.8
8.8
2024-09-25 CVE-2024-47315 Cross-Site Request Forgery (CSRF) vulnerability in Givewp
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.
network
low complexity
givewp CWE-352
8.8
8.8