Security Vulnerabilities - CVEs Published In October 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-10-10
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.
CVSS Score
8.1
EPSS Score
0.017
Published
2024-10-10
Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier.
CVSS Score
6.0
EPSS Score
0.0
Published
2024-10-10
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVSS Score
9.8
EPSS Score
0.785
Published
2024-10-10
The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.
CVSS Score
9.0
EPSS Score
0.001
Published
2024-10-10
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The attacker could also check if a service is running.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-10-10
Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data
CVSS Score
5.3
EPSS Score
0.003
Published
2024-10-10
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-10-10
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
CVSS Score
7.8
EPSS Score
0.001
Published
2024-10-10
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
CVSS Score
7.8
EPSS Score
0.001
Published
2024-10-10