2025-01-14
2025-01-14 22:15Z
CRIT

CVE-2024-57480 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57480

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 120VNDH3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-14
2025-01-14 22:15Z
CRIT

CVE-2024-57479 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57479

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWECWE 120VNDH3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-14
2025-01-14 22:15Z
CRIT

CVE-2024-57471 — H3c N12_firmware: N12 V100R005 contains a buffer overflow vulnerability due to the lack of length

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-57471

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. CVSSv3.1 9.8 (CRITICAL) · EPSS 53th percentile

CWECWE 120VNDH3cTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-14
2025-01-14 14:15Z
CRIT

CVE-2024-55591 — Fortinet Fortiproxy: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55591in the wild

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 288VNDFortinetTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score
2025-01-14
2025-01-14 14:15Z
HIGH

CVE-2024-48884 — Fortinet Fortimanager: A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48884

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, Forti CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 22VNDFortinetTYPVulnerability
7.5
CVSS v3.1
92
Edit Score
2025-01-13
2025-01-13 19:15Z
CRIT

CVE-2024-46310 — Incorrect: Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46310

Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint CVSSv3.1 9.1 (CRITICAL) · EPSS 82th percentile

CWECWE 281TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2025-01-13
2025-01-13 14:15Z
CRIT

CVE-2025-22777 — Givewp Givewp: Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22777

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through <= 3.19.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDGivewpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-01-10
2025-01-10 21:15Z
HIGH

CVE-2024-54996 — Monicahq Monica: v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54996

MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. CVSSv3.1 8.8 (HIGH) · EPSS 52th percentile

CWECWE 94CWECWE 79VNDMonicahqTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-01-09
2025-01-09 20:15Z
HIGH

CVE-2024-54887 — Tp-link Tl-wr940n_firmware: TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54887

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. CVSSv3.1 8.0 (HIGH) · EPSS 93th percentile

CWECWE 120VNDTp LinkVNDLinkTYPVulnerability
8.0
CVSS v3.1
92
Edit Score
2025-01-09
2025-01-09 20:15Z
CRIT

CVE-2024-54724 — PHPYun: before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54724

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWECWE 94VNDPhpyunTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-09
2025-01-09 16:16Z
CRIT

CVE-2025-22542 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22542

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot virtual-bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through <= 1.0.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-01-09
2025-01-09 16:16Z
CRIT

CVE-2025-22540 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22540

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in seballero Emailing Subscription email-suscripcion allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through <= 1.4.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-01-09
2025-01-09 16:16Z
HIGH

CVE-2025-22537 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22537

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route google-maps-travel-route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through <= 1.3.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-09
2025-01-09 16:16Z
HIGH

CVE-2025-22535 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22535

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jonkern WPListCal wplistcal allows SQL Injection.This issue affects WPListCal: from n/a through <= 1.3.5. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-09
2025-01-09 16:16Z
HIGH

CVE-2025-22508 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22508

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through <= 1.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-01-09
2025-01-09 16:16Z
HIGH

CVE-2025-22505 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22505

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crispweb NC Wishlist for Woocommerce nc-wishlist-for-woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through <= 1.0.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-09
2025-01-09 16:16Z
CRIT

CVE-2025-22504 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22504

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-01-09
2025-01-09 11:15Z
CRIT

CVE-2024-11642 — Addonmaster Post_grid_master: The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-11642

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access co CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDAddonmasterVNDPostTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-08
2025-01-08 12:58Z
HIGH

AmsiBypass — Bypassing Amsi using LdrLoadDll

GitHub · EDR bypass / evasion·github.comGITHUB POC

AmsiBypass is a proof-of-concept tool demonstrating AMSI (Antimalware Scan Interface) evasion by intercepting LdrLoadDll calls via either hardware breakpoints or inline hooking to prevent amsi.dll from loading. The technique exploits the fact that all DLL loading operations funnel through LdrLoadDll in ntdll.dll, allowing an attacker to return an 'Access Denied' error when amsi.dll is requested, effectively disabling AMSI scanning.

SRFOsTACTA0005TYPToolTYPExploitSTGDefense EvasionTECT1027TECT1562.001EXPProcess Injection
72
Edit Score
2025-01-08
2025-01-08 08:15Z
CRIT

CVE-2024-11635 — Iptanus Wordpress_file_upload: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-11635

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDWordpressVNDIptanusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-08
2025-01-08 07:15Z
CRIT

CVE-2024-11613 — Iptanus Wordpress_file_upload: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-11613

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDWordpressVNDIptanusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-07
2025-01-07 18:15Z
CRIT

CVE-2024-50660 — Ipublishmedia Adportal: File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50660

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality CVSSv3.1 9.8 (CRITICAL) · EPSS 60th percentile

CWECWE 94VNDIpublishmediaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-07
2025-01-07 18:15Z
CRIT

CVE-2024-50658 — Ipublishmedia Adportal: Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50658

Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile

CWECWE 94VNDIpublishmediaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-01-07
2025-01-07 16:15Z
HIGH

CVE-2025-22519 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22519

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jerodmoore eDoc Easy Tables edoc-easy-tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through <= 1.29. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-01-07
2025-01-07 16:15Z
CRIT

CVE-2025-0247 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-0247

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score