2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48028 — Deserialization: of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48028

Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48027 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48027

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through <= 1.0.2. CVSSv3.1 9.9 (CRITICAL)

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-48026 — Deserialization: of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48026

Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 14:15Z
CRIT

CVE-2024-47649 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47649

Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects Iconize: from n/a through <= 1.2.4. CVSSv3.1 9.1 (CRITICAL)

CWECWE 434TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-16
2024-10-16 14:15Z
HIGH

CVE-2024-47637 — Litespeedtech Litespeed_cache: Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47637

Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through <= 6.4.1. CVSSv3.1 8.8 (HIGH)

CWECWE 22CWECWE 23VNDLitespeedtechVNDRelativeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-16
2024-10-16 13:15Z
CRIT

CVE-2024-49271 — Unlimited-elements Unlimited_elements_for_elementor: Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49271

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121. CVSSv3.1 9.1 (CRITICAL)

CWECWE 94CWECWE 82VNDUnlimited ElementsTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-16
2024-10-16 13:15Z
CRIT

CVE-2024-49257 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49257

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-16
2024-10-16 13:15Z
CRIT

CVE-2024-49247 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49247

Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a through <= 1.6. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 13:15Z
CRIT

CVE-2024-48042 — Deserialization: of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48042

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through <= 1.7.28. CVSSv3.1 9.1 (CRITICAL)

CWECWE 82TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-16
2024-10-16 07:15Z
CRIT

CVE-2021-4449 — Digitalzoomstudio Zoomsounds: The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2021-4449

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2021-4457 is a duplicate of this. CVSSv3.1 9.8 (CRITICAL)

CWECWE 434VNDDigitalzoomstudioVNDZoomsoundsTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-16
2024-10-16 07:15Z
HIGH

CVE-2020-36836 — Wpfastestcache Wp_fastest_cache: The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2020-36836

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server. CVSSv3.1 8.0 (HIGH)

CWECWE 352CWECWE 22VNDWpfastestcacheVNDFastestTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2024-10-15
2024-10-15 20:15Z
CRIT

CVE-2024-49195 — Trustedfirmware Mbed_tls: Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-49195

Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile

CWECWE 787VNDMbedVNDTrustedfirmwareTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-15
2024-10-15 19:15Z
HIGH

CVE-2024-35584 — Os4ed Opensis: SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-35584

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier versions. It is possible for an authenticated user to perform SQL Injection due to the lack to sanitisation. The application takes arbitrary value from "X-Forwarded-For" header and appends it to a SQL INSERT statement directly, leading to SQL Injection. CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile

CWECWE 89VNDOs4edTYPVulnerability
8.8
CVSS v3.1
96
Edit Score
2024-10-14
2024-10-14 16:15Z
HIGH

CVE-2023-50780 — Apache Artemis: ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50780

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which CVSSv3.1 8.8 (HIGH) · EPSS 84th percentile

CWECWE 285VNDApacheTYPVulnerability
8.8
CVSS v3.1
95
Edit Score
2024-10-13
2024-10-13 20:40Z
INFO

v1.3.0

NetExec releases·github.com

NetExec v1.3.0 release adds significant new capabilities including NFS protocol support, SCCM LDAP reconnaissance modules, Hyper-V enumeration, pre-created computer account detection, and coercion technique consolidation via coerce_plus. The release includes 40+ bug fixes and improvements across SMB, LDAP, Kerberos, and credential handling.

SRFOsTACTA0001SRFNetworkTACTA0006TACTA0007TACTA0043VNDNetexecTYPTool
72
Edit Score
2024-10-12
2024-10-12 03:15Z
HIGH

CVE-2024-9821 — Bot: The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9821

The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an admi CVSSv3.1 8.8 (HIGH)

CWECWE 200VNDBotTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-10-11
2024-10-11 21:15Z
CRIT

CVE-2024-48772 — CHIP: An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48772

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile

CWECWE 863VNDChipTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-11
2024-10-11 20:15Z
CRIT

CVE-2024-48787 — Revic: An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48787

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 9.1 (CRITICAL) · EPSS 38th percentile

CWECWE 863VNDRevicTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-11
2024-10-11 20:15Z
CRIT

CVE-2024-48786 — SWITCHBOT: An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48786

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 9.1 (CRITICAL) · EPSS 38th percentile

CWECWE 863VNDSwitchbotTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-11
2024-10-11 20:15Z
CRIT

CVE-2024-48784 — Incorrect: An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48784

An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile

CWECWE 863TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-11
2024-10-11 20:15Z
CRIT

CVE-2024-48778 — GIANT: An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48778

An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile

CWECWE 863VNDGiantTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-11
2024-10-11 20:15Z
HIGH

CVE-2024-48770 — Plug: An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48770

An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. CVSSv3.1 8.2 (HIGH) · EPSS 40th percentile

CWECWE 922VNDPlugTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-10-11
2024-10-11 20:15Z
CRIT

CVE-2024-48769 — BURG: An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48769

An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. CVSSv3.1 9.1 (CRITICAL) · EPSS 39th percentile

CWECWE 863VNDBurgTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-10-11
2024-10-11 19:15Z
HIGH

CVE-2024-48040 — Tainacan Tainacan: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48040

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.This issue affects Tainacan: from n/a through <= 0.21.8. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDTainacanTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-11
2024-10-11 19:15Z
CRIT

CVE-2024-48033 — Deserialization: of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48033

Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score