Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9981 Unrestricted Upload of File with Dangerous Type vulnerability in Formosasoft Ee-Class
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server.
network
low complexity
formosasoft CWE-434
8.8
2024-10-15 CVE-2024-46898 Path Traversal vulnerability in Ss-Proj Shirasagi
SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability.
network
low complexity
ss-proj CWE-22
7.5
2024-10-15 CVE-2024-0129 Path Traversal vulnerability in Nvidia Nemo
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction.
local
low complexity
nvidia CWE-22
7.8
2024-10-15 CVE-2024-9970 Unspecified vulnerability in Newtype Flowmaster BPM Plus
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability.
network
low complexity
newtype
8.8
2024-10-15 CVE-2024-9971 SQL Injection vulnerability in Newtype Flowmaster BPM Plus
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
network
low complexity
newtype CWE-89
8.8
2024-10-15 CVE-2024-9968 SQL Injection vulnerability in Newtype Webeip 3.0
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, and delete data stored in the database.
network
low complexity
newtype CWE-89
8.8
2024-10-15 CVE-2024-9687 Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.
network
low complexity
dueclic CWE-639
8.8
2024-10-15 CVE-2024-9820 Reliance on Cookies without Validation and Integrity Checking vulnerability in Dueclic WP 2FA With Telegram
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0.
network
low complexity
dueclic CWE-565
7.5
2024-10-14 CVE-2024-48911 Incorrect Authorization vulnerability in Thinkst Opencanary
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file.
local
low complexity
thinkst CWE-863
7.8
2024-10-14 CVE-2024-6207 Unspecified vulnerability in Rockwellautomation products
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device.
network
low complexity
rockwellautomation
7.5