Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-10486 The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6.
network
low complexity
CWE-862
5.3
5.3
2024-11-18 CVE-2024-21287 Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).
network
low complexity
 7.5
7.5
2024-11-18 CVE-2020-26067 A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames.
network
low complexity
CWE-80
5.4
5.4
2024-11-18 CVE-2024-10390 The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0.
network
low complexity
CWE-862
6.4
6.4
2024-11-18 CVE-2020-26062 A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt.
network
low complexity
CWE-203
5.3
5.3
2024-11-18 CVE-2020-26063 A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints.
network
low complexity
CWE-269
5.4
5.4
2024-11-18 CVE-2020-26071 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands.
local
low complexity
CWE-22
8.4
8.4
2024-11-18 CVE-2020-26073 A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs).
network
low complexity
CWE-35
7.5
7.5
2024-11-18 CVE-2020-27124 A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections.
network
low complexity
CWE-457
8.6
8.6
2024-11-18 CVE-2020-3431 A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
network
low complexity
CWE-79
6.1
6.1