2024-11-09
2024-11-09 03:15Z
CRIT

CVE-2024-10284 — Ce21 Ce21_suite: The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10284

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288CWECWE 306VNDCe21TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-08
2024-11-08 21:15Z
HIGH

CVE-2024-50808 — Seacms Seacms: 13.1 is vulnerable to code injection in the notification module of the member

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50808

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 94VNDSeacmsTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-11-06
2024-11-06 07:15Z
CRIT

CVE-2024-9307 — Themelooks Mfolio: The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9307

The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDThemelooksVNDLiteTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 15:15Z
HIGH

CVE-2024-51626 — Mansurahamed Woocommerce_quote_calculator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51626

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chenyenming Woocommerce Quote Calculator woo-quote-calculator-order allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through <= 1.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDMansurahamedTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50531 — Carrcommunications Rsvpmaker: Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50531

Unrestricted Upload of File with Dangerous Type vulnerability in davidfcarr RSVPMaker for Toastmasters rsvpmaker-for-toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from n/a through <= 6.2.4. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDCarrcommunicationsTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50530 — Myriadsolutionz Stars_smtp_mailer: Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50530

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through <= 2.2.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDMyriadsolutionzTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50529 — Rudrainnovative Training_-_courses: Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50529

Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training – Courses training allows Upload a Web Shell to a Web Server.This issue affects Training – Courses: from n/a through <= 2.0.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434VNDRudrainnovativeTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50527 — Stacksmarket Stacks_mobile_app_builder: Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50527

Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDStacksmarketTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50526 — Lindeni Multi_purpose_mail_form: Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDLindeniTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50525 — Helloprint Helloprint: Unrestricted Upload of File with Dangerous Type vulnerability in helloprint Helloprint helloprint allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50525

Unrestricted Upload of File with Dangerous Type vulnerability in helloprint Helloprint helloprint allows Upload a Web Shell to a Web Server.This issue affects Helloprint: from n/a through <= 2.0.4. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDHelloprintTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 14:15Z
CRIT

CVE-2024-50523 — Rainbow-link All_post_contact_form: All Post Contact Form allpost-contactform allows Upload a Web Shell to a Web Server.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50523

Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allpost-contactform allows Upload a Web Shell to a Web Server.This issue affects All Post Contact Form: from n/a through <= 1.8.2. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434VNDRainbow LinkTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-11-04
2024-11-04 12:16Z
CRIT

CVE-2024-10035 — Bg-tek Coslat: Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-10035

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection, Privilege Escalation. This issue affects CoslatV3: through 3.1069. NOTE: The vendor was contacted and it was learned that the product is not suppo CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile

CWECWE 94CWECWE 77CWECWE 78VNDBg TekTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-11-04
2024-11-04 11:15Z
CRIT

CVE-2024-51661 — Davidlingren Media_library_assistant: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51661

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.19. CVSSv3.1 9.1 (CRITICAL)

CWECWE 78VNDDavidlingrenTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-31
2024-10-31 19:15Z
CRIT

CVE-2024-51065 — Phpgurukul Beauty_parlour_management_system: Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51065

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-31
2024-10-31 19:15Z
CRIT

CVE-2024-51064 — Phpgurukul Teachers_record_management_system: Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51064

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-31
2024-10-31 19:15Z
CRIT

CVE-2024-51063 — Phpgurukul Teachers_record_management_system: Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51063

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter. CVSSv3.1 9.1 (CRITICAL) · EPSS 39th percentile

CWECWE 89VNDPhpgurukulTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-31
2024-10-31 19:15Z
CRIT

CVE-2024-51060 — Projectworlds Online_admission_system: Online Admission System v1 is vulnerable to SQL Injection in index.php via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-51060

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter. CVSSv3.1 9.1 (CRITICAL) · EPSS 37th percentile

CWECWE 89VNDProjectworldsTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-31
2024-10-31 10:15Z
CRIT

CVE-2024-49674 — Site: Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49674

Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-30
2024-10-30 21:15Z
HIGH

CVE-2024-48734 — Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile

CWECWE 434TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-30
2024-10-30 21:15Z
HIGH

CVE-2024-48733 — SQL: injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile

CWECWE 89TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-30
2024-10-30 08:15Z
CRIT

CVE-2024-50511 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50511

Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through <= 1.0.1. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-30
2024-10-30 08:15Z
CRIT

CVE-2024-50510 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50510

Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects AR For Woocommerce: from n/a through <= 6.3. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-30
2024-10-30 08:15Z
HIGH

CVE-2024-50509 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50509

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2024-10-30
2024-10-30 08:15Z
CRIT

CVE-2024-50507 — Deserialization: of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50507

Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-30
2024-10-30 08:15Z
HIGH

CVE-2024-50506 — Incorrect: Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-50506

Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. CVSSv3.1 8.8 (HIGH)

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score