9.8
CVE-2024-49400 -
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That woul…
0.0
CVE-2024-49317 - WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion. This issue affects Point Maker: from n/a through <= 0.1.4.
9.8
CVE-2024-49318 - WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection. This issue affects My Reading Library: from n/a through <= 1.0.
4.9
CVE-2024-49312 - WordPress Edwiser Bridge plugin <= 3.0.7 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge. This issue affects Edwiser Bridge: from n/a through <= 3.0.7.
6.3
CVE-2024-10073 - flairNLP flair Mode File Loader clustering.py ClusteringModel code injection
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The compl…
5.3
CVE-2024-10072 - ESAFENET CDG EncryptPolicyService.java actionAddEncryptPolicyGroup sql injection
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be i…
8.7
CVE-2024-49399 - Missing Authentication for Critical Function in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.
8.8
CVE-2024-49398 - Unrestricted Upload of File with Dangerous Type in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.
9.2
CVE-2024-49397 - Cross-site Scripting in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and take over admin accounts.
8.7
CVE-2024-49396 - Insufficiently Protected Credentials in Elvaco M-Bus Metering Gateway CMe3100
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information.