Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-16 | CVE-2024-8746 | Unrestricted Upload of File with Dangerous Type vulnerability in Filemanagerpro File Manager. The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. | 8.8 |
2024-10-16 | CVE-2024-9305 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. | 8.1 |
2024-10-16 | CVE-2024-49340 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Watson Studio Local 1.2.3. IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2024-10-15 | CVE-2024-38139 | Unspecified vulnerability in Microsoft Dataverse. Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | 8.8 |
2024-10-15 | CVE-2024-38190 | Missing Authorization vulnerability in Microsoft Power Platform. Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | 8.6 |
2024-10-15 | CVE-2024-45085 | Improper Check for Unusual or Exceptional Conditions vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. | 7.5 |
2024-10-15 | CVE-2024-48783 | Unspecified vulnerability in Ruijie Nbr3000D-E Firmware. An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. | 7.5 |
2024-10-15 | CVE-2024-9594 | Use of Hard-coded Credentials vulnerability in Kubernetes Image Builder. A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when using the Nutanix, OVA, QEMU or raw providers. | 8.1 |
2024-10-15 | CVE-2024-9954 | Use After Free vulnerability in Google Chrome. Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2024-10-15 | CVE-2024-9955 | Use After Free vulnerability in Google Chrome. Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |