2024-08-19
2024-08-19 17:15Z
CRIT

CVE-2024-43240 — Wpindeed Ultimate_membership_pro: Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-43240

Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7. CVSSv3.1 9.4 (CRITICAL)

CWECWE 287VNDWpindeedTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2024-08-16
2024-08-16 19:15Z
CRIT

CVE-2024-42850 — Silverpeas Silverpeas: An issue in the password change function of Silverpeas v6.4.2 and lower allows for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-42850

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. CVSSv3.1 9.8 (CRITICAL) · EPSS 71th percentile

CWECWE 521VNDSilverpeasTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-13
2024-08-13 19:15Z
CRIT

CVE-2024-7593 — Ivanti Virtual_traffic_manager: Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-7593in the wild

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 287CWECWE 303VNDIvantiTYPVulnerabilitySTAitw exploited
9.8
CVSS v3.1
100
Edit Score
2024-08-13
2024-08-13 14:15Z
CRIT

CVE-2024-41623 — D3dsecurity D8801_firmware: An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-41623

An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile

CWECWE 94VNDD3dsecurityVNDD3dTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-13
2024-08-13 12:15Z
CRIT

CVE-2024-43153 — Xtendify Woffice: Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-43153

Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10. CVSSv3.1 9.8 (CRITICAL)

CWECWE 266VNDXtendifyTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-13
2024-08-13 03:15Z
CRIT

CVE-2024-7094 — Help: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-7094

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially pa CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDHelpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-12
2024-08-12 15:15Z
CRIT

CVE-2024-6917 — Veribase Order_management: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-6917

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Veribilim Software Veribase Order Management allows OS Command Injection. This issue affects Veribase Order Management: before v4.010.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile

CWECWE 78VNDVeribaseTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-08-12
2024-08-12 15:15Z
CRIT

CVE-2024-42479 — Ggml Llama.cpp: provides LLM inference in C/C++.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-42479

llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. CVSSv3.1 10.0 (CRITICAL) · EPSS 90th percentile

CWECWE 787CWECWE 123VNDGgmlVNDLlmTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-08-12
2024-08-12 13:38Z
HIGH

CVE-2024-7399 — Samsung Magicinfo_9_server: Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-7399

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile

CWECWE 434CWECWE 22VNDSamsungTYPVulnerability
8.8
CVSS v3.1
100
Edit Score
2024-08-02
2024-08-02 21:16Z
CRIT

CVE-2024-38887 — Horizoncloud Caterease: 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38887

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile

CWECWE 78VNDHorizoncloudVNDHorizonTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2024-08-02
2024-08-02 20:17Z
CRIT

CVE-2024-38889 — Horizoncloud Caterease: 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38889

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command. CVSSv3.1 9.8 (CRITICAL) · EPSS 55th percentile

CWECWE 89CWECWE 78VNDHorizoncloudVNDHorizonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-02
2024-08-02 18:16Z
CRIT

CVE-2024-38886 — Horizoncloud Caterease: 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38886

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 940VNDHorizoncloudVNDHorizonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-02
2024-08-02 18:16Z
CRIT

CVE-2024-38883 — Horizoncloud Caterease: 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38883

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation. CVSSv3.1 9.1 (CRITICAL) · EPSS 33th percentile

CWECWE 757VNDHorizoncloudVNDHorizonTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2024-08-02
2024-08-02 18:16Z
CRIT

CVE-2024-38882 — Horizoncloud Caterease: 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38882

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command. CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile

CWECWE 78VNDHorizoncloudVNDHorizonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-08-01
2024-08-01 21:15Z
HIGH

CVE-2024-39624 — Cridio Listingpro: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-39624

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4. CVSSv3.1 8.5 (HIGH)

CWECWE 22VNDCridioTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2024-08-01
2024-08-01 21:15Z
HIGH

CVE-2024-39621 — Cridio Listingpro: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-39621

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4. CVSSv3.1 8.0 (HIGH)

CWECWE 22VNDCridioTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2024-08-01
2024-08-01 21:15Z
CRIT

CVE-2024-39619 — Cridio Listingpro: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-39619

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through <= 2.9.4. CVSSv3.1 9.0 (CRITICAL)

CWECWE 22VNDCridioTYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2024-07-30
2024-07-30 20:15Z
CRIT

CVE-2024-39011 — Chargeover Chargeover\/redoc: Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-39011

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile

CWECWE 1321VNDPrototypeVNDChargeoverTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-07-30
2024-07-30 14:15Z
CRIT

CVE-2024-38909 — Std42 Elfinder: Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-38909

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile

CWECWE 284VNDStudioVNDStd42TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-07-30
2024-07-30 13:15Z
CRIT

CVE-2024-6699 — Mikafon Ma7_firmware: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-6699

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Mikafon MA7 allows SQL Injection. This issue affects Mikafon MA7: from v3.0 before v3.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile

CWECWE 89VNDMikafonTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-07-29
2024-07-29 19:15Z
CRIT

CVE-2024-37858 — Oretnom23 Lost_and_found_information_system: SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-37858

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 89CWECWE 269VNDOretnom23TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-07-29
2024-07-29 19:15Z
HIGH

CVE-2024-37857 — Oretnom23 Lost_and_found_information_system: SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-37857

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. CVSSv3.1 8.8 (HIGH) · EPSS 54th percentile

CWECWE 89VNDOretnom23TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-07-25
2024-07-25 21:46Z
CRIT

Softaculous Webuzo Authentication Bypass

Exodus Intel·blog.exodusintel.comCVE-2024-24621

Softaculous Webuzo contains a critical authentication bypass vulnerability in its password reset functionality (CVE-2024-24621, CVSS 10.0) that allows unauthenticated remote attackers to gain root-level server access. The vendor patched the issue within 24 hours of disclosure on July 12, 2024, with public disclosure following on July 25, 2024.

SRFApplicationTACTA0001SRFWebVNDSoftaculousVNDWebuzoTYPVulnerabilityTYPAdvisorySTGInitial Access
78
Edit Score
2024-07-25
2024-07-25 21:46Z
CRIT

Softaculous Webuzo FTP Management Command Injection

Exodus Intel·blog.exodusintel.comCVE-2024-24623

Softaculous Webuzo contains a command injection vulnerability in FTP management functionality (CVE-2024-24623) allowing authenticated remote attackers to execute arbitrary code. The vendor patched the issue within 24 hours of disclosure on July 12, 2024, with public disclosure following on July 25, 2024.

SRFApplicationTACTA0002SRFWebTACTA0003VNDSoftaculousVNDWebuzoTYPVulnerabilityTYPAdvisory
72
Edit Score
2024-07-25
2024-07-25 21:46Z
CRIT

Softaculous Webuzo Password Reset Command Injection

Exodus Intel·blog.exodusintel.comCVE-2024-24622

Softaculous Webuzo contains a command injection vulnerability in its password reset functionality (CVE-2024-24622) that allows authenticated remote attackers to execute arbitrary code with CVSS 9.0. The vendor patched the issue on July 12, 2024, one day after disclosure.

SRFApplicationTACTA0002SRFWebTACTA0003VNDSoftaculousVNDWebuzoTYPVulnerabilityTYPAdvisory
72
Edit Score