2024-10-11
2024-10-11 19:15Z
HIGH

CVE-2024-48020 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-48020

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-11
2024-10-11 19:15Z
CRIT

CVE-2024-47331 — Ninjateam Multi_step_for_contact_form_7: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47331

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through <= 2.7.7. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89VNDNinjateamTYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-11
2024-10-11 18:15Z
CRIT

CVE-2024-46532 — SQL: Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46532

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile

CWECWE 89TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-11
2024-10-11 16:15Z
CRIT

CVE-2024-46088 — An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46088

An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 434TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-10
2024-10-10 18:15Z
CRIT

CVE-2024-47636 — Eyecix Jobsearch_wp_job_board: Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47636

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDEyecixTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-09
2024-10-09 22:28Z
INFO

Volatility 3 2.8.0

Volatility3 releases·github.com

Volatility 3 2.8.0 released with 13 new plugins for memory forensics including linux.netfilter, windows.hollowprocesses, windows.processghosting, and windows.psxview. Updates include improvements to existing plugins, smear protection on Windows, and minimum Python 3.7.3 requirement.

SRFOsTACTA0007TYPToolSTGDiscovery
45
Edit Score
2024-10-07
2024-10-07 22:15Z
CRIT

CVE-2024-45874 — DLL: A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-45874

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWECWE 94VNDDllTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-10-07
2024-10-07 22:15Z
CRIT

CVE-2024-45873 — DLL: A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-45873

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. CVSSv3.1 9.8 (CRITICAL) · EPSS 49th percentile

CWECWE 94VNDDllTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-07
2024-10-07 16:15Z
CRIT

CVE-2024-46446 — Mecha-cms Mecha: CMS 3.0.0 is vulnerable to Directory Traversal.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46446

Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover. CVSSv3.1 9.8 (CRITICAL) · EPSS 69th percentile

CWECWE 22VNDMecha CmsVNDMechaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-10-06
2024-10-06 13:15Z
CRIT

CVE-2024-47350 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47350

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through <= 2.8.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2024-10-06
2024-10-06 13:15Z
HIGH

CVE-2024-47338 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47338

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal WPExperts Square For GiveWP wpexperts-square-for-give allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through <= 1.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-10-05
2024-10-05 13:15Z
HIGH

CVE-2024-47323 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47323

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-05
2024-10-05 13:15Z
HIGH

CVE-2024-47319 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-47319

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through <= 2.13.10. CVSSv3.1 8.0 (HIGH)

CWECWE 434TYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2024-10-05
2024-10-05 13:15Z
HIGH

CVE-2024-44023 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-44023

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in abcapp ABCApp Creator abcapp-creator.This issue affects ABCApp Creator: from n/a through <= 1.1.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-05
2024-10-05 11:15Z
CRIT

CVE-2024-44014 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmax

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-44014

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmax Studio Vmax Project Manager vmax-project-manager allows PHP Local File Inclusion.This issue affects Vmax Project Manager: from n/a through <= 1.0. CVSSv3.1 9.6 (CRITICAL)

CWECWE 22TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2024-10-03
2024-10-03 18:15Z
HIGH

CVE-2023-37822 — Eufy Homebase_2_firmware: This vulnerability allows an attacker in proximity to the dedicated wireless network to gain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-37822

The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this dedicated network is flawed and solely based on the serial number. Due to the flawed generation process, the WPA2-PSK can be brute forced offline within seconds. This vulnerability allows an attacker in proximity to the dedicated wireless network to gain unauthorized access to th CVSSv3.1 8.2 (HIGH) · EPSS 20th percentile

CWECWE 331VNDEufyTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2024-10-01
2024-10-01 21:15Z
HIGH

CVE-2024-46084 — Scriptcase Scriptcase: 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-46084

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. CVSSv3.1 8.0 (HIGH) · EPSS 51th percentile

CWECWE 77VNDScriptcaseTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2024-10-01
2024-10-01 08:15Z
HIGH

CVE-2024-8548 — Logon Kb_support: The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8548

The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any pos CVSSv3.1 8.1 (HIGH)

CWECWE 862VNDLogonVNDSupportTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-10-01
2024-10-01 08:15Z
HIGH

CVE-2024-7434 — Ultrapress Ultrapress: The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-7434

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, r CVSSv3.1 8.8 (HIGH)

CWECWE 502VNDUltrapressTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-09-28
2024-09-28 02:15Z
CRIT

CVE-2024-8353 — Givewp Givewp: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8353

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDGivewpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-09-27
2024-09-27 12:15Z
CRIT

CVE-2024-8643 — Oceanicsoft Valeapp: Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8643

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile

CWECWE 384VNDOceanicsoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-09-27
2024-09-27 12:15Z
CRIT

CVE-2024-8607 — Oceanicsoft Valeapp: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8607

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 24th percentile

CWECWE 89VNDOceanicsoftTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-09-26
2024-09-26 12:15Z
CRIT

CVE-2024-7108 — Nationalkeep Cybermath: Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-7108

Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.240816253. CVSSv3.1 9.8 (CRITICAL) · EPSS 27th percentile

CWECWE 863VNDNationalkeepTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-09-25
2024-09-25 03:15Z
CRIT

CVE-2024-8485 — Jianbo Rest_api_to_miniprogram: The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-8485

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitrary user's accounts, including their email to a @weixin.com email, which can the be leveraged to reset the password of the user's CVSSv3.1 9.8 (CRITICAL)

CWECWE 639VNDJianboVNDRestTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-09-25
2024-09-25 01:15Z
CRIT

CVE-2024-9142 — External: Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-9142

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642. CVSSv3.1 9.8 (CRITICAL) · EPSS 25th percentile

CWECWE 73CWECWE 732TYPVulnerability
9.8
CVSS v3.1
99
Edit Score