Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-23 CVE-2024-46997 Unspecified vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease
critical
9.8
2024-09-23 CVE-2024-47066 Server-Side Request Forgery (SSRF) vulnerability in Lobehub Lobe Chat
Lobe Chat is an open-source artificial intelligence chat framework.
network
low complexity
lobehub CWE-918
8.8
2024-09-23 CVE-2024-47068 Cross-site Scripting vulnerability in Rollupjs Rollup
Rollup is a module bundler for JavaScript.
network
low complexity
rollupjs CWE-79
6.1
2024-09-23 CVE-2024-47069 Cross-site Scripting vulnerability in Oveleon Cookiebar
Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie & privacy settings for the website.
network
low complexity
oveleon CWE-79
6.1
2024-09-23 CVE-2024-23922 Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability.
low complexity
sony CWE-345
6.8
2024-09-23 CVE-2024-23972 Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability.
low complexity
sony CWE-120
6.8
2024-09-23 CVE-2024-45348 Command Injection vulnerability in MI Ax9000 Firmware
Xiaomi Router AX9000 has a post-authorization command injection vulnerability.
network
low complexity
mi CWE-77
8.8
2024-09-23 CVE-2024-8606 Incorrect Authorization vulnerability in Checkmk 2.2.0/2.3.0
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication.
network
low complexity
checkmk CWE-863
8.8
2024-09-23 CVE-2024-8758 Cross-site Scripting vulnerability in Expresstech Quiz and Survey Master
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
expresstech CWE-79
4.8
2024-09-23 CVE-2024-47227 Cross-site Scripting vulnerability in Iredmail Iredadmin
iRedAdmin before 2.6 allows XSS, e.g., via order_name.
network
low complexity
iredmail CWE-79
6.1