2024-11-19
2024-11-19 02:16Z
MED

CVE-2024-50302 — Google Android: In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50302in the wild

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. CVSSv3.1 5.5 (MEDIUM) · EPSS 82th percentile

CWECWE 908VNDGoogleTYPVulnerabilitySTAitw exploited
5.5
CVSS v3.1
78
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52434 — Supsystic Popup: Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52434

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94CWECWE 82VNDSupsysticTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52433 — Mindstien My_geo_posts_free: Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDMindstienTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52432 — Nixsolutions Nix_anti-spam_light: Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52432

Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDNixsolutionsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52431 — Pressaholic Wordpress_video_robot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52431

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer wp-video-robot allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through <= 1.20.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDPressaholicTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52430 — Lis Video_gallery: Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52430

Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDLisTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52429 — Antonhoelstad Wp_quick_setup: Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52429

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through <= 2.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDAntonhoelstadTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-11-18
2024-11-18 15:15Z
HIGH

CVE-2024-52428 — Scripteo Ads_booster_by_ads_pro: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52428

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Peter Ads Booster by Ads Pro free-wp-booster-by-ads-pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through <= 1.12. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDScripteoTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-11-18
2024-11-18 15:15Z
CRIT

CVE-2024-52427 — Vollstart Event_tickets_with_ticket_scanner: Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52427

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94CWECWE 82VNDVollstartTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-18
2024-11-18 13:15Z
HIGH

CVE-2024-3370 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-3370

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection. This issue affects Website Template: before 29.04.2024. CVSSv3.1 8.6 (HIGH) · EPSS 26th percentile

CWECWE 89TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-11-16
2024-11-16 23:15Z
CRIT

CVE-2024-52397 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52397

Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.This issue affects Convert Docx2post: from n/a through <= 1.4. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52416 — Authorization: Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52416

Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through <= 2.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 862TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
HIGH

CVE-2024-52415 — Site: Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52415

Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52414 — Deserialization: of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52414

Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through <= 5.3.18. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52413 — Deserialization: of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52413

Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52412 — Deserialization: of Untrusted Data vulnerability in Stephen Cui Xin xin allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52412

Deserialization of Untrusted Data vulnerability in Stephen Cui Xin xin allows Object Injection.This issue affects Xin: from n/a through <= 1.0.8.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52411 — Deserialization: of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52411

Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a through <= 1.1.2. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52410 — Deserialization: of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52410

Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52409 — Deserialization: of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52409

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52408 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52408

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52407 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52407

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52406 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52406

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.This issue affects CSV to html: from n/a through <= 3.26. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52405 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52405

Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.This issue affects B-Banner Slider: from n/a through <= 1.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52404 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52404

Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.This issue affects CF7 Reply Manager: from n/a through <= 1.2.3. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52403 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52403

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through <= 1.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score