2024-10-24
2024-10-24 16:15Z
CRIT

CVE-2024-48538 — Incorrect: access control in the firmware update and download processes of Neye3C v4.5.2.0 allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48538

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. CVSSv3.1 9.8 (CRITICAL) · EPSS 42th percentile

CWECWE 862TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-24
2024-10-24 12:15Z
CRIT

CVE-2024-49681 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49681

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through <= 1.0.9. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49671 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49671

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through <= 1.1.8. CVSSv3.1 9.9 (CRITICAL) · EPSS 33th percentile

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49669 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49669

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through <= 4.1.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49668 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49668

Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49658 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49658

Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through <= 1.0. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49653 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49653

Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through <= 1.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-23
2024-10-23 16:15Z
CRIT

CVE-2024-49652 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49652

Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through <= 1.0.3. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-23
2024-10-23 15:15Z
HIGH

CVE-2024-49675 — Vitaliibryl Switch_user: Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49675

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through <= 1.0.1. CVSSv3.1 8.8 (HIGH)

CWECWE 288VNDVitaliibrylTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40089 — Viloliving Vilo_5_firmware: A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. CVSSv3.1 9.1 (CRITICAL) · EPSS 68th percentile

CWECWE 77VNDCommandVNDVilolivingTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40087 — Viloliving Vilo_5_firmware: Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40087

Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. CVSSv3.1 9.6 (CRITICAL) · EPSS 32th percentile

CWECWE 306VNDVilolivingVNDViloTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40086 — Buffer: A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40086

A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile

CWECWE 120VNDBufferTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40085 — Buffer: A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40085

A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile

CWECWE 120VNDBufferTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40084 — Viloliving Vilo_5_firmware: A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <=

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40084

A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. CVSSv3.1 9.6 (CRITICAL) · EPSS 50th percentile

CWECWE 120VNDBufferVNDVilolivingTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-21
2024-10-21 21:15Z
CRIT

CVE-2024-40083 — Buffer: A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-40083

A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. CVSSv3.1 9.6 (CRITICAL) · EPSS 38th percentile

CWECWE 120VNDBufferTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-21
2024-10-21 12:15Z
CRIT

CVE-2024-47685 — Debian Debian_linux: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47685

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 n CVSSv3.1 9.1 (CRITICAL) · EPSS 23th percentile

CWECWE 908TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-20
2024-10-20 12:15Z
CRIT

CVE-2024-44000 — Litespeedtech Litespeed_cache: Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-44000

Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 522VNDInsufficientlyVNDLitespeedtechTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49620 — Naudinvladimir Ferma.ru.net: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49620

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mrcheck116 FERMA.ru.net ferma-ru-net-checkout allows Blind SQL Injection.This issue affects FERMA.ru.net: from n/a through <= 1.3.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDNaudinvladimirTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49619 — Acespritech Social_link_groups: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49619

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acespritech Social Link Groups social-link-groups allows Blind SQL Injection.This issue affects Social Link Groups: from n/a through <= 1.1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDAcespritechTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49618 — Jordanlyall Mytweetlinks: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49618

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordan Lyall MyTweetLinks mytweetlinks allows Blind SQL Injection.This issue affects MyTweetLinks: from n/a through <= 1.1.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDJordanlyallTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49617 — Bhaskardhote Back_link_tracker: Cross-Site Request Forgery (CSRF) vulnerability in anciwasim Back Link Tracker back-link-tracker allows Blind SQL

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49617

Cross-Site Request Forgery (CSRF) vulnerability in anciwasim Back Link Tracker back-link-tracker allows Blind SQL Injection.This issue affects Back Link Tracker: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)

CWECWE 352VNDBhaskardhoteTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49616 — Nyasro Rate_own_post: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49616

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in nyasro Rate Own Post rate-own-post allows Blind SQL Injection.This issue affects Rate Own Post: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDNyasroTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49615 — Henriquerodrigues Safetyforms: Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms safetymails-forms allows Blind SQL Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49615

Cross-Site Request Forgery (CSRF) vulnerability in Henrique Rodrigues SafetyForms safetymails-forms allows Blind SQL Injection.This issue affects SafetyForms: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)

CWECWE 352VNDHenriquerodriguesTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49614 — Sermonaudio Sermonaudio_widgets: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49614

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SermonAudio SermonAudio Widgets sermonaudio-widgets allows SQL Injection.This issue affects SermonAudio Widgets: from n/a through <= 1.9.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDSermonaudioTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-20
2024-10-20 10:15Z
HIGH

CVE-2024-49613 — Lodelgeraldo Simple_code_insert_shortcode: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49613

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in developersnote Simple Code Insert Shortcode simple-code-insert-shortcode allows SQL Injection.This issue affects Simple Code Insert Shortcode: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDLodelgeraldoTYPVulnerability
8.5
CVSS v3.1
93
Edit Score