Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8914 | The Thanh Toán Quét Mã QR Code T? Ð?ng – MoMo, ViettelPay, VNPay và 40 ngân hàng Vi?t Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. | 7.2 |
| 2024-09-25 | CVE-2024-8917 | Cross-site Scripting vulnerability in Anwp Football Leagues The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-09-25 | CVE-2024-8919 | Cross-site Scripting vulnerability in Wpdeveloperr Confetti Fall Animation The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-25 | CVE-2024-8940 | Unrestricted Upload of File with Dangerous Type vulnerability in Scriptcase 9.4.019 Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. | 9.8 |
| 2024-09-25 | CVE-2024-8941 | Path Traversal vulnerability in Scriptcase 9.4.019 Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via a “/...” or directly into a path used in the POST parameter “field_file” by a web application. | 5.3 |
| 2024-09-25 | CVE-2024-8942 | Cross-site Scripting vulnerability in Scriptcase 9.4.019 Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. | 8.2 |
| 2024-09-25 | CVE-2024-9120 | Use After Free vulnerability in Google Chrome Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9121 | Out-of-bounds Write vulnerability in Google Chrome Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9122 | Type Confusion vulnerability in Google Chrome Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | 8.8 |
| 2024-09-25 | CVE-2024-9123 | Integer Overflow or Wraparound vulnerability in Google Chrome Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | 8.8 |