2024-12-16
2024-12-16 16:15Z
CRIT

CVE-2024-54229 — Incorrect: Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54229

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 16:15Z
CRIT

CVE-2024-43234 — Xtendify Woffice: Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-43234

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through <= 5.4.14. CVSSv3.1 9.8 (CRITICAL) · EPSS 15th percentile

CWECWE 288VNDXtendifyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-56013 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in wovax Wovax IDX wovax-idx

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56013

Authentication Bypass Using an Alternate Path or Channel vulnerability in wovax Wovax IDX wovax-idx allows Authentication Bypass.This issue affects Wovax IDX: from n/a through <= 1.2.2. CVSSv3.1 8.8 (HIGH)

CWECWE 288TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-56012 — Site: Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-56012

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a through <= 4.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 352TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55988 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55988

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through <= 1.0.9. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-55987 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55987

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about advanced-what-should-we-write-about-next allows SQL Injection.This issue affects Advanced What should we write next about: from n/a through <= 1.0.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-55986 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55986

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tiny13 Service service allows Blind SQL Injection.This issue affects Service: from n/a through <= 1.0.4. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55982 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55982

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55981 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55981

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery nabz-image-gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through <= v1.00. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55980 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55980

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robindkumar Wr Age Verification wr-age-verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through <= 2.0.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-55979 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55979

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robindkumar Wr Age Verification wr-age-verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through <= 2.0.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55978 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55978

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation Code Generator Pro code-generator-pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through <= 1.2. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55977 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55977

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55976 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55976

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mikeleembruggen Critical Site Intel critical-site-intel-stats allows SQL Injection.This issue affects Critical Site Intel: from n/a through <= 1.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-55974 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55974

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martí Batlles Martinez Mimoos devoluciones-packback allows SQL Injection.This issue affects Mimoos: from n/a through <= 1.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-55973 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55973

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in rnystrom TSB Occasion Editor tsb-occasion-editor allows SQL Injection.This issue affects TSB Occasion Editor: from n/a through <= 1.2.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-55972 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-55972

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chriscarvache eTemplates etemplates allows SQL Injection.This issue affects eTemplates: from n/a through <= 0.2.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-54379 — Authorization: Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54379

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-54378 — Authorization: Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54378

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54372 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54372

Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.This issue affects Insertify: from n/a through <= 1.1.4. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54370 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54370

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through <= 1.1.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54369 — Authorization: Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54369

Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through <= 1.0.2. CVSSv3.1 9.1 (CRITICAL)

CWECWE 862TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54368 — Site: Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54368

Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.This issue affects GitSync: from n/a through <= 1.1.0. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-12-16
2024-12-16 15:15Z
CRIT

CVE-2024-54367 — Ultimatemember Forumwp: Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54367

Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDUltimatememberTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-12-16
2024-12-16 15:15Z
HIGH

CVE-2024-54365 — Incorrect: Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54365

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score