Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-50466 | Cross-Site Request Forgery (CSRF) vulnerability in Darkmysite Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advanced Dark Mode Plugin for WordPress: from n/a through 1.2.8. | 8.8 |
| 2024-10-29 | CVE-2024-8924 | SQL Injection vulnerability in Servicenow Vancouver/Xanadu ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. | 7.5 |
| 2024-10-29 | CVE-2024-9990 | Cross-Site Request Forgery (CSRF) vulnerability in Odude Crypto Tool The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. | 8.8 |
| 2024-10-29 | CVE-2024-7985 | Unrestricted Upload of File with Dangerous Type vulnerability in Fileorganizer The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. | 8.8 |
| 2024-10-29 | CVE-2024-49769 | Unspecified vulnerability in Agendaless Waitress Waitress is a Web Server Gateway Interface server for Python 2 and 3. | 7.5 |
| 2024-10-29 | CVE-2024-10458 | Unspecified vulnerability in Mozilla Thunderbird A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. | 7.5 |
| 2024-10-29 | CVE-2024-10459 | Use After Free vulnerability in Mozilla Thunderbird An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. | 7.5 |
| 2024-10-29 | CVE-2024-10466 | Unspecified vulnerability in Mozilla Thunderbird By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. | 7.5 |
| 2024-10-29 | CVE-2024-10467 | Out-of-bounds Write vulnerability in Mozilla Thunderbird Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. | 8.8 |
| 2024-10-29 | CVE-2024-41153 | Command Injection vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. | 7.2 |