2024-12-25
2024-12-25 13:15Z
CRIT

CVE-2024-8950 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8950

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile

CWECWE 89TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-21
2024-12-21 07:15Z
HIGH

CVE-2024-12066 — SMSA: The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-12066

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVE-2024-49249 is likely a duplica CVSSv3.1 8.8 (HIGH)

CWECWE 73VNDSmsaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-20
2024-12-20 05:15Z
HIGH

CVE-2024-21549 — Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-21549

Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745). CVSSv3.1 8.6 (HIGH) · EPSS 15th percentile

CWECWE 20TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-12-19
2024-12-19 14:15Z
CRIT

CVE-2024-10244 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10244

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-18
2024-12-18 19:15Z
CRIT

CVE-2024-56057 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56057

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDVibethemesTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-18
2024-12-18 19:15Z
HIGH

CVE-2024-56055 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56055

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 8.5 (HIGH)

CWECWE 35VNDVibethemesTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 19:15Z
CRIT

CVE-2024-56054 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56054

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434VNDVibethemesTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-12-18
2024-12-18 19:15Z
CRIT

CVE-2024-56052 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56052

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDVibethemesTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-18
2024-12-18 19:15Z
HIGH

CVE-2024-56051 — Vibethemes Wordpress_learning_management_system: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56051

Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. CVSSv3.1 8.5 (HIGH)

CWECWE 94VNDVibethemesTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 19:15Z
CRIT

CVE-2024-56050 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56050

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDVibethemesTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-18
2024-12-18 19:15Z
HIGH

CVE-2024-56049 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56049

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 8.5 (HIGH)

CWECWE 35VNDVibethemesTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 19:15Z
HIGH

CVE-2024-56048 — Vibethemes Wordpress_learning_management_system: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56048

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDVibethemesTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-18
2024-12-18 19:15Z
HIGH

CVE-2024-56047 — Vibethemes Wordpress_learning_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56047

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDVibethemesTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 19:15Z
CRIT

CVE-2024-54383 — Wpwebelite Woocommerce_pdf_vouchers: Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54383

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDWpwebeliteTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-18
2024-12-18 12:15Z
CRIT

CVE-2024-56059 — Improperly: Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56059

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 1321VNDImproperlyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-18
2024-12-18 12:15Z
CRIT

CVE-2024-56058 — Deserialization: of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56058

Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through <= 2.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-18
2024-12-18 12:15Z
HIGH

CVE-2024-55985 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55985

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ydesignservices YDS Support Ticket System yds-support-ticket-system allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 12:15Z
HIGH

CVE-2024-55984 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55984

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System saksh-escrow-system allows SQL Injection.This issue affects Saksh Escrow System: from n/a through <= 2.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 12:15Z
HIGH

CVE-2024-55983 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55983

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through <= 1.0.6. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 12:15Z
HIGH

CVE-2024-55975 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55975

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate dr-affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through <= 1.2.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-18
2024-12-18 12:15Z
HIGH

CVE-2024-54270 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54270

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axeptio Axeptio axeptio-sdk-integration allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through <= 2.5.4. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-12-17
2024-12-17 14:15Z
CRIT

CVE-2024-8972 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8972

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 22:15Z
HIGH

CVE-2024-37774 — Sunbirddcim Dctrack: A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-37774

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. CVSSv3.1 8.0 (HIGH) · EPSS 9th percentile

CWECWE 352VNDSunbirddcimTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2024-12-16
2024-12-16 16:15Z
CRIT

CVE-2024-54285 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54285

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through <= 6.18.13. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-12-16
2024-12-16 16:15Z
CRIT

CVE-2024-54280 — Iqonic Wpbookit: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54280

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDIqonicTYPVulnerability
9.3
CVSS v3.1
97
Edit Score