Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-7985 | Unrestricted Upload of File with Dangerous Type vulnerability in Fileorganizer. The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. | 8.8 |
2024-10-29 | CVE-2024-49769 | Unspecified vulnerability in Agendaless Waitress. Waitress is a Web Server Gateway Interface server for Python 2 and 3. | 7.5 |
2024-10-29 | CVE-2024-10458 | Unspecified vulnerability in Mozilla Thunderbird. A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. | 7.5 |
2024-10-29 | CVE-2024-10459 | Use After Free vulnerability in Mozilla Thunderbird. An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. | 7.5 |
2024-10-29 | CVE-2024-10466 | Unspecified vulnerability in Mozilla Thunderbird. By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. | 7.5 |
2024-10-29 | CVE-2024-10467 | Out-of-bounds Write vulnerability in Mozilla Thunderbird. Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. | 8.8 |
2024-10-29 | CVE-2024-41153 | Command Injection vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware. Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. | 7.2 |
2024-10-29 | CVE-2024-6674 | Origin Validation Error vulnerability in Lollms web UI. A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. | 7.1 |
2024-10-29 | CVE-2024-7474 | Unspecified vulnerability in Lunary. In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. | 8.1 |
2024-10-29 | CVE-2024-7783 | Cleartext Storage of Sensitive Information vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0. mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. | 7.5 |