2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52400 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52400

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.This issue affects Gallerio: from n/a through <= 1.01. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52399 — Upload: Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52399

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper writer-helper allows Upload a Web Shell to a Web Server.This issue affects Writer Helper: from n/a through <= 3.1.6. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-16
2024-11-16 22:15Z
CRIT

CVE-2024-52398 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52398

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.This issue affects CDI: from n/a through <= 5.5.3. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-11-16
2024-11-16 04:15Z
HIGH

CVE-2024-9849 — Real3D: The Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9849

The Real3D Flipbook Lite – 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.8. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)

CWECWE 434VNDReal3dTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-11-15
2024-11-15 12:00Z
CRIT

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

Volexity·volexity.comin the wild0day

Volexity disclosed a zero-day credential disclosure vulnerability in Fortinet FortiClient VPN client (Windows, v7.4.0) that allows extraction of VPN credentials from process memory via hardcoded JSON object offsets. The vulnerability was discovered in July 2024 being actively exploited by BrazenBamboo (Chinese state-affiliated APT) through a dedicated plugin in their DEEPDATA post-exploitation malware framework. Fortinet acknowledged the issue on July 24, 2024, but had not patched it at publication; a public advisory was issued December 18, 2024.

SRFApplicationSRFOsTACTA0006TACTA0009VNDFortinetTYPResearchTYPVulnerabilityTYPThreat Intel
92
Edit Score
2024-11-15
2024-11-15 11:15Z
CRIT

CVE-2024-10534 — Dataprom Personnel_attendance_control_systems_\/_access_control_security_: Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) /

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10534

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWECWE 346VNDOriginVNDDatapromTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-14
2024-11-14 19:15Z
CRIT

CVE-2024-52370 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52370

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.This issue affects Hive Support: from n/a through <= 1.1.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-11-14
2024-11-14 19:15Z
CRIT

CVE-2024-52369 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52369

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through <= 4.2.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52393 — Podlove Podlove_podcast_publisher: Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52393

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94CWECWE 82VNDPodloveTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52384 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52384

Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server.This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through <= 2.4.9. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52382 — Authorization: Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52382

Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-14
2024-11-14 18:15Z
HIGH

CVE-2024-52381 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52381

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through <= 1.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52380 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52380

Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52379 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52379

Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through <= 2.0.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52377 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52377

Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through <= 1.5.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52376 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52376

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through <= 1.0.1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52375 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52375

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative.This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52374 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52374

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through <= 1.5.5. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52373 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52373

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through <= 2.0.1. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
CRIT

CVE-2024-52372 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52372

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-14
2024-11-14 18:15Z
HIGH

CVE-2024-52371 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-52371

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4.This issue affects Global Gateway e4 | Payeezy Gateway |: from n/a through <= 2.0. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-11-14
2024-11-14 11:15Z
CRIT

CVE-2024-10571 — Ays-pro Chartify: The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10571

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be CVSSv3.1 9.8 (CRITICAL)

CWECWE 98VNDAys ProVNDChartifyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-13
2024-11-13 02:15Z
HIGH

CVE-2024-10629 — GPX: The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10629

The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDGpxTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-11-11
2024-11-11 06:15Z
HIGH

CVE-2024-51882 — Ehues Gboy_custom_google_map: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51882

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through <= 1.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDEhuesTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-11-11
2024-11-11 06:15Z
HIGH

CVE-2024-51845 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51845

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through <= 1.0.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score