Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-48538 — Incorrect: access control in the firmware update and download processes of Neye3C v4.5.2.0 allows
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. CVSSv3.1 9.8 (CRITICAL) · EPSS 42th percentile
CVE-2024-49681 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-49671 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through <= 1.1.8. CVSSv3.1 9.9 (CRITICAL) · EPSS 33th percentile
CVE-2024-49669 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through <= 4.1.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49668 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows
Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49658 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture
Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through <= 1.0. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49653 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through <= 1.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49652 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through <= 1.0.3. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49675 — Vitaliibryl Switch_user: Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through <= 1.0.1. CVSSv3.1 8.8 (HIGH)
CVE-2024-40089 — Viloliving Vilo_5_firmware: A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. CVSSv3.1 9.1 (CRITICAL) · EPSS 68th percentile
CVE-2024-40087 — Viloliving Vilo_5_firmware: Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions.
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. CVSSv3.1 9.6 (CRITICAL) · EPSS 32th percentile
CVE-2024-40086 — Buffer: A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile
CVE-2024-40085 — Buffer: A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile
CVE-2024-40084 — Viloliving Vilo_5_firmware: A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <=
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile
CVE-2024-40083 — Buffer: A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. CVSSv3.1 9.6 (CRITICAL) · EPSS 38th percentile
CVE-2024-47685 — Debian Debian_linux: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 n CVSSv3.1 9.1 (CRITICAL) · EPSS 23th percentile
CVE-2024-44000 — Litespeedtech Litespeed_cache: Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49620 — Naudinvladimir Ferma.ru.net: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection.This issue affects FERMA.ru.net: from n/a through <= 1.3.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-49619 — Acespritech Social_link_groups: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through <= 1.1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-49618 — Jordanlyall Mytweetlinks: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through <= 1.1.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-49617 — Bhaskardhote Back_link_tracker: Cross-Site Request Forgery (CSRF) vulnerability in anciwasim Back Link Tracker back-link-tracker allows Blind SQL
Cross-Site Request Forgery (CSRF) vulnerability in anciwasim Back Link Tracker back-link-tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)
CVE-2024-49616 — Nyasro Rate_own_post: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in nyasro Rate Own Post rate-own-post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-49615 — Henriquerodrigues Safetyforms: Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms safetymails-forms allows Blind SQL Injection.This
Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms safetymails-forms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)
CVE-2024-49614 — Sermonaudio Sermonaudio_widgets: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-49613 — Lodelgeraldo Simple_code_insert_shortcode: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)