Security Vulnerabilities - CVEs Published In October 2024
The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score: 6.4 | EPSS Score: 0.002 | Published: 2024-10-18
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
CVSS Score: 9.4 | EPSS Score: 0.94 | Published: 2024-10-18
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 5.9 | EPSS Score: 0.012 | Published: 2024-10-18
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 5.9 | EPSS Score: 0.012 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 6.5 | EPSS Score: 0.012 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 7.6 | EPSS Score: 0.061 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 7.6 | EPSS Score: 0.061 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2024-10-17
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score: 7.5 | EPSS Score: 0.065 | Published: 2024-10-17



Shodan ® - All rights reserved