Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-50302 — Google Android: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. CVSSv3.1 5.5 (MEDIUM) · EPSS 82th percentile
CVE-2024-52434 — Supsystic Popup: Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This
Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29. CVSSv3.1 9.1 (CRITICAL)
CVE-2024-52433 — Mindstien My_geo_posts_free: Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52432 — Nixsolutions Nix_anti-spam_light: Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows
Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52431 — Pressaholic Wordpress_video_robot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer wp-video-robot allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through <= 1.20.0. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-52430 — Lis Video_gallery: Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This
Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52429 — Antonhoelstad Wp_quick_setup: Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup
Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52428 — Scripteo Ads_booster_by_ads_pro: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Peter Ads Booster by Ads Pro free-wp-booster-by-ads-pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through <= 1.12. CVSSv3.1 8.1 (HIGH)
CVE-2024-52427 — Vollstart Event_tickets_with_ticket_scanner: Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-3370 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: before 29.04.2024. CVSSv3.1 8.6 (HIGH) · EPSS 26th percentile
CVE-2024-52397 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post
Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4. CVSSv3.1 9.1 (CRITICAL)
CVE-2024-52416 — Authorization: Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through <= 2.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-52415 — Site: Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object
Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)
CVE-2024-52414 — Deserialization: of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through <= 5.3.18. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52413 — Deserialization: of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52412 — Deserialization: of Untrusted Data vulnerability in Stephen Cui Xin xin allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in Stephen Cui Xin xin allows Object Injection.This issue affects Xin: from n/a through <= 1.0.8.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52411 — Deserialization: of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a through <= 1.1.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52410 — Deserialization: of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52409 — Deserialization: of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-52408 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress
Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52407 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools
Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52406 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html
Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52405 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows
Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52404 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This
Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-52403 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management
Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1. CVSSv3.1 9.9 (CRITICAL)