Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-43191 IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
network
low complexity
CWE-502
7.2
7.2
2024-09-26 CVE-2024-7259 A flaw was found in oVirt.
network
high complexity
CWE-312
4.4
4.4
2024-09-26 CVE-2024-8771 The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34.
network
low complexity
CWE-862
4.3
4.3
2024-09-26 CVE-2023-46175 IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user.
network
high complexity
 4.4
4.4
2024-09-26 CVE-2024-9177 The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2024-09-26 CVE-2024-8633 The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
5.5
5.5
2024-09-26 CVE-2024-8126 The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8.
network
high complexity
CWE-434
7.5
7.5
2024-09-26 CVE-2024-8704 The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter.
network
low complexity
 7.2
7.2
2024-09-26 CVE-2024-8725 Multiple plugins and/or themes for WordPress are vulnerable to Limited File Upload in various versions.
network
high complexity
CWE-434
6.8
6.8
2024-09-26 CVE-2022-4541 The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2