CVE-2024-49666 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49655 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49333 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49303 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-49300 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-48392 |
Description: OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.
EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)
|
CVE-2024-45687 |
Description: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing. This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
CVSS: LOW (2.4) EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)
|
CVE-2024-45478 |
Description: Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-45091 |
Description: IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|
CVE-2024-43771 |
Description: In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)
|