Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Risk |
| --- | --- | --- | --- | --- |
| 2024-11-15 | CVE-2022-20685 | | A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. | network, low complexity, CWE-190, 7.5 |
| 2024-11-15 | CVE-2024-11245 | SQL Injection vulnerability in Anisha Farmacia 1.0 | A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. | network, low complexity, anisha, CWE-89, 7.5 |
| 2024-11-15 | CVE-2024-41784 | Path Traversal vulnerability in IBM Sterling Secure Proxy | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. | network, low complexity, ibm, CWE-22, 7.5 |
| 2024-11-15 | CVE-2024-11241 | SQL Injection vulnerability in Anisha JOB Recruitment 1.0 | A vulnerability was found in code-projects Job Recruitment 1.0. | network, low complexity, anisha, CWE-89, 7.5 |
| 2024-11-15 | CVE-2021-3742 | Unspecified vulnerability in Chatwoot | A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. | network, low complexity, chatwoot, 8.8 |
| 2024-11-15 | CVE-2024-10311 | Unspecified vulnerability in Cmorillas1 External Database Based Actions 0.1 | The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. | network, low complexity, cmorillas1, 8.8 |
| 2024-11-14 | CVE-2024-50968 | Unspecified vulnerability in Adonesevangelista Agri-Trading Online Shopping System 1.0 | A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. | network, low complexity, adonesevangelista, 7.5 |
| 2024-11-14 | CVE-2024-3760 | Unspecified vulnerability in Lunary | In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. | network, low complexity, lunary, 7.5 |
| 2024-11-14 | CVE-2024-3379 | Incorrect Authorization vulnerability in Lunary | In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. | network, low complexity, lunary, CWE-863, 8.1 |
| 2024-11-14 | CVE-2024-3501 | Insecure Storage of Sensitive Information vulnerability in Lunary | In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. | network, low complexity, lunary, CWE-922, 8.1 |