Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-8950 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile
CVE-2024-12066 — SMSA: The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVE-2024-49249 is likely a duplica CVSSv3.1 8.8 (HIGH)
CVE-2024-21549 — Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745). CVSSv3.1 8.6 (HIGH) · EPSS 15th percentile
CVE-2024-10244 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection. This issue affects Web Software: before 3.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile
CVE-2024-56057 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-56055 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 8.5 (HIGH)
CVE-2024-56054 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.1 (CRITICAL)
CVE-2024-56052 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-56051 — Vibethemes Wordpress_learning_management_system: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. CVSSv3.1 8.5 (HIGH)
CVE-2024-56050 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-56049 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. CVSSv3.1 8.5 (HIGH)
CVE-2024-56048 — Vibethemes Wordpress_learning_management_system: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 8.8 (HIGH)
CVE-2024-56047 — Vibethemes Wordpress_learning_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-54383 — Wpwebelite Woocommerce_pdf_vouchers: Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56059 — Improperly: Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through <= 0.2.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56058 — Deserialization: of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through <= 2.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-55985 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ydesignservices YDS Support Ticket System yds-support-ticket-system allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-55984 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System saksh-escrow-system allows SQL Injection.This issue affects Saksh Escrow System: from n/a through <= 2.4. CVSSv3.1 8.5 (HIGH)
CVE-2024-55983 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through <= 1.0.6. CVSSv3.1 8.5 (HIGH)
CVE-2024-55975 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate dr-affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through <= 1.2.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-54270 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axeptio Axeptio axeptio-sdk-integration allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through <= 2.5.4. CVSSv3.1 8.1 (HIGH)
CVE-2024-8972 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024. CVSSv3.1 9.8 (CRITICAL) · EPSS 28th percentile
CVE-2024-37774 — Sunbirddcim Dctrack: A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. CVSSv3.1 8.0 (HIGH) · EPSS 9th percentile
CVE-2024-54285 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through <= 6.18.13. CVSSv3.1 9.1 (CRITICAL)
CVE-2024-54280 — Iqonic Wpbookit: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.This issue affects WPBookit: from n/a through <= 1.6.0. CVSSv3.1 9.3 (CRITICAL)