2024-02-29
2024-02-29 01:43Z
HIGH

CVE-2024-1206 — Bootstrapped Wp_recipe_maker: The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1206

The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile

CWECWE 89VNDBootstrappedVNDRecipeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-29
2024-02-29 01:43Z
MED

CVE-2024-0590 — Microsoft Clarity: The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-0590

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 96th percentile

CWECWE 352VNDMicrosoftTYPVulnerability
6.1
CVSS v3.1
88
Edit Score
2024-02-28
2024-02-28 22:15Z
HIGH

CVE-2024-22983 — Projectworlds Visitor_management_system: SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-22983

SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. CVSSv3.1 8.1 (HIGH) · EPSS 55th percentile

CWECWE 89VNDProjectworldsTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-02-28
2024-02-28 09:15Z
CRIT

CVE-2024-1514 — Wp-ecommerce Wp_ecommerce: The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1514

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 72th percentile

CWECWE 89VNDWordpressVNDWp EcommerceTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-28
2024-02-28 09:15Z
HIGH

CVE-2024-0786 — Tatvic Conversios.io: The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-0786

The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for au CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile

CWECWE 89VNDTatvicVNDConversiosTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-27
2024-02-27 06:15Z
CRIT

CVE-2024-1698 — Wpdeveloper Notificationx: The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1698

The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can b CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 89VNDWpdeveloperVNDNotificationxTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-23605 — Ggml Llama.cpp: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-23605

A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile

CWECWE 787CWECWE 190VNDGgmlTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-23496 — Ggml Llama.cpp: A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-23496

A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile

CWECWE 787CWECWE 190VNDGgmlTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-22873 — Tencent Blueking_configuration_management_database: Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-22873

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request. CVSSv3.1 8.1 (HIGH) · EPSS 47th percentile

CWECWE 918VNDTencentTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-21836 — Ggml Llama.cpp: A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-21836

A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile

CWECWE 787CWECWE 190VNDGgmlTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-21825 — Ggml Llama.cpp: A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-21825

A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSSv3.1 8.8 (HIGH) · EPSS 41th percentile

CWECWE 787CWECWE 190VNDGgmlTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-21802 — Ggml Llama.cpp: A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-21802

A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

CWECWE 787CWECWE 122VNDGgmlTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-26
2024-02-26 16:27Z
HIGH

CVE-2024-1710 — Unlimited-elements Addon_library: The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1710

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files. CVSSv3.1 8.8 (HIGH) · EPSS 55th percentile

CWECWE 862VNDUnlimited ElementsVNDAddonTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-21
2024-02-21 16:15Z
HIGH

CVE-2024-1708 — Connectwise Screenconnect: 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1708

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. CVSSv3.1 8.4 (HIGH) · EPSS 98th percentile

CWECWE 22VNDConnectwiseTYPVulnerability
8.4
CVSS v3.1
100
Edit Score
2024-02-17
2024-02-17 08:15Z
CRIT

CVE-2024-1512 — Stylemixthemes Masterstudy_lms: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-1512

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing q CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 89VNDStylemixthemesVNDMasterstudyTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2024-02-17
2024-02-17 08:15Z
CRIT

CVE-2024-0610 — Papaki Piraeus_bank_woocommerce_payment_gateway: The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-0610

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive infor CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 89VNDPapakiVNDPiraeusTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-15
2024-02-15 16:15Z
CRIT

CVE-2023-7081 — Postahsil Online_payment_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-7081

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHSİL Online Payment System allows SQL Injection. This issue affects Online Payment System: before 14.02.2024. CVSSv3.1 9.8 (CRITICAL) · EPSS 22th percentile

CWECWE 89VNDPostahsilTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-15
2024-02-15 16:15Z
CRIT

CVE-2023-5155 — Utarit Solipay_mobile: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5155

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection. This issue affects SoliPay Mobile App: before 5.0.8. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile

CWECWE 89VNDUtaritTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-14
2024-02-14 14:16Z
CRIT

CVE-2023-6441 — Unipa University_information_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6441

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile

CWECWE 89VNDUnipaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-12
2024-02-12 07:15Z
CRIT

CVE-2024-25100 — Wpswings Coupon_referral_program: Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-25100

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object Injection.This issue affects Coupon Referral Program: from n/a through < 1.8.4. CVSSv3.1 10.0 (CRITICAL)

CWECWE 502VNDWpswingsTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2024-02-10
2024-02-10 07:15Z
HIGH

CVE-2024-0594 — Getawesomesupport Awesome_support: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-0594

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already ex CVSSv3.1 8.8 (HIGH) · EPSS 48th percentile

CWECWE 89VNDGetawesomesupportVNDAwesomeTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-09
2024-02-09 14:15Z
CRIT

CVE-2023-6677 — Oduyo Online_collection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6677

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile

CWECWE 89VNDOduyoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-09
2024-02-09 13:15Z
HIGH

CVE-2023-6724 — Simgesel Hearing_tracking_system: Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6724

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. CVSSv3.1 8.8 (HIGH) · EPSS 13th percentile

CWECWE 639VNDSimgeselTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2024-02-09
2024-02-09 09:15Z
CRIT

CVE-2024-25675 — Misp-project Misp: An issue was discovered in MISP before 2.4.184.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-25675

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile

CWECWE 749VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2024-02-09
2024-02-09 09:15Z
CRIT

CVE-2024-25674 — Misp-project Misp: An issue was discovered in MISP before 2.4.184.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-25674

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

CWECWE 434VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score