SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 46
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Fixes Two Exploited Vulnerabilities
Published: 2024-11-19.
Last Updated: 2024-11-19 21:56:52 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M"x") systems as well.
CVE-2024-44308
A vulnerability in JavaScriptCore. It could be triggered by the user visiting a malicious web page and may lead to arbitrary code execution.
CVE-2024-44309
This vulnerability affects WebKit. A vulnerability in the cookie management system may lead to cross-site scripting. The description is sparse, but it may indicate that an attacker could set a malicious cookie that will inject JavaScript or HTML into a web page.
Patches have been released for Safari and all of Apple's operating systems (including iOS/iPadOS/VisionOS, which is not used on Intel-based systems).
https://isc.sans.edu/diary/Apple+Fixes+Two+Exploited+Vulnerabilities/31452/
Exploit attempts for unpatched Citrix vulnerability
Published: 2024-11-18.
Last Updated: 2024-11-18 05:59:56 UTC
by Johannes Ullrich (Version: 1)
illustration showing citrix logo on top of exploit code.Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix's remote access solution (https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/). Specifically, the vulnerability affects the "Virtual Apps and Desktops." This solution allows "secure" remote access to desktop applications. It is commonly used for remote work, and I have seen it used in call center setups to isolate individual workstations from the actual desktop. The Watchtowr blog describes it as:
"This is a tech stack that enables end-users (and likely, your friendly neighbourhood ransomware gang) to access their full desktop environment from just about anywhere, whether they’re using a laptop, tablet, or even a phone."
One fundamental problem with this solution is that all desktops run on the same server, and a privilege escalation vulnerability will not just "root" the particular desktop, but the server and all sessions connected to it.
Citrix also includes the ability to record sessions and store these recordings for an administrator to review. Sadly, the review process uses a .Net function subject to deserialization vulnerabilities. Watchtowr published sample exploit code on GitHub. The exploit is triggered without the need to authenticate first.
So here is a sample exploit I have seen today ...
Read the full entry: https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446/
Internet Storm Center Entries
Detecting the Presence of a Debugger in Linux (2024.11.19)
https://isc.sans.edu/diary/Detecting+the+Presence+of+a+Debugger+in+Linux/31450/
Ancient TP-Link Backdoor Discovered by Attackers (2024.11.17)
https://isc.sans.edu/diary/Ancient+TPLink+Backdoor+Discovered+by+Attackers/31442/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-0012 - Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Product: Palo Alto Networks PAN-OS
CVSS Score: 9.8
** KEV since 2024-11-18 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0012
ISC Podcast: https://isc.sans.edu/podcastdetail/9226
NVD References: https://security.paloaltonetworks.com/CVE-2024-0012
CVE-2024-9474 - Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Product: Palo Alto Networks PAN-OS
CVSS Score: 7.2
** KEV since 2024-11-18 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9474
ISC Podcast: https://isc.sans.edu/podcastdetail/9226
NVD References: https://security.paloaltonetworks.com/CVE-2024-9474
CVE-2024-23113 - Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 are vulnerable to a use of externally-controlled format string, enabling an attacker to execute unauthorized code or commands via specially crafted packets.
Product: Fortinet (multiple products)
CVSS Score: 0
** KEV since 2024-10-09 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23113
ISC Podcast: https://isc.sans.edu/podcastdetail/9222
CVE-2024-47575 - FortiManager versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, Fortinet FortiManager Cloud versions 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, and 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 are vulnerable to a missing authentication flaw that allows an attacker to execute arbitrary code or commands via specially crafted requests.
Product: Fortinet FortiManager
CVSS Score: 0
** KEV since 2024-10-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47575
ISC Podcast: https://isc.sans.edu/podcastdetail/9222
CVE-2024-49039 - Windows Task Scheduler Elevation of Privilege Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 8.8
** KEV since 2024-11-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49039
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039
CVE-2024-43093 - ExternalStorageProvider.java in Android allows for a possible bypass of a file path filter, leading to local privilege escalation without requiring additional execution privileges, due to incorrect unicode normalization.
Product: Google Android
CVSS Score: 7.8
** KEV since 2024-11-07 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43093
NVD References: https://android.googlesource.com/platform/frameworks/base/+/67d6e08322019f7ed8e3f80bd6cd16f8bcb809ed
NVD References: https://source.android.com/security/bulletin/2024-11-01
CVE-2024-43451 - NTLM Hash Disclosure Spoofing Vulnerability
Product: Microsoft Windows 10 1507
CVSS Score: 6.5
** KEV since 2024-11-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43451
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451
CVE-2024-1212 - Progress Kemp LoadMaster OS Command Injection Vulnerability
Product: Kemp LoadMaster
CVSS Score: 0
** KEV since 2024-11-18 **
CVE-2024-49574 - Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
Product: Zohocorp ManageEngine ADAudit Plus
CVSS Score: 8.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49574
ISC Podcast: https://isc.sans.edu/podcastdetail/9224
NVD References: https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html
CVE-2024-11099 - Code-projects Job Recruitment 1.0 is vulnerable to a critical SQL injection flaw in the /login.php file, allowing for remote attacks using a manipulated email argument.
Product: Anisha Job Recruitment
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11099
NVD References:
- https://github.com/Kenton868/CVE/blob/main/sqlInjection1.md
CVE-2024-11100, CVE-2024-11101, CVE-2024-11257, & CVE-2024-11258 - 1000 Projects Beauty Parlour Management System 1.0 Critical SQL injection vulnerabilities
Product: 1000Projects Beauty Parlour Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11100
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11101
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11257
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11258
NVD References: https://1000projects.org/
NVD References: https://github.com/Hacker0xone/CVE/issues/6
NVD References: https://github.com/Hacker0xone/CVE/issues/7
NVD References: https://github.com/Hacker0xone/CVE/issues/10
NVD References: https://github.com/Hacker0xone/CVE/issues/11
CVE-2024-11256 - 1000 Projects Portfolio Management System MCA 1.0 is vulnerable to remote sql injection via manipulation of the username argument in /login.php.
Product: 1000Projects Portfolio Management System MCA
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11256
NVD References: https://1000projects.org/
NVD References: https://github.com/Hacker0xone/CVE/issues/8
CVE-2024-44102 - PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) and other versions with redundancy configured allow remote attackers to execute arbitrary code with SYSTEM privileges.
Product: Siemens Telecontrol_Server_Basic
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44102
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-454789.html
CVE-2024-46888 - SINEC INS (All versions < V1.0 SP2 Update 3) is vulnerable to file manipulation and arbitrary code execution by authenticated remote attackers due to improper path sanitization in SFTP file transfers.
Product: Siemens Sinec_Ins 1.0
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46888
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html
CVE-2024-46890 - SINEC INS is vulnerable to a remote code execution attack due to insufficient input validation in its web API endpoints.
Product: Siemens Sinec_Ins 1.0
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46890
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-915275.html
CVE-2024-50557 - RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M876-3, SCALANCE M876-4, SCALANCE MUM853-1, SCALANCE MUM856-1, SCALANCE S615 EEC LAN-Router, SCALANCE S615 LAN-Router are affected by a vulnerability that could allow remote attackers to execute arbitrary code.
Product: Siemens Scalance_S615_Firmware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50557
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-354112.html
CVE-2024-43415 - Decidim_awesome-module <= v0.11.1 (> 0.9.0) allows authenticated admin users to manipulate sql queries and execute commands, due to improper neutralization of special elements in SQL commands.
Product: decidim_awesome-module
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43415
NVD References:
- https://pentest.ait.ac.at/security-advisory/decidim-awesome-sql-injection-in-adminaccountability
CVE-2024-50330 - Ivanti Endpoint Manager is vulnerable to SQL injection before the 2024 November Security Update, allowing a remote unauthenticated attacker to achieve remote code execution.
Product: Ivanti Endpoint Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50330
NVD References: https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022
CVE-2024-11005, CVE-2024-11006, & CVE-2024-38656 - Ivanti Connect Secure and Ivanti Policy Secure command injection (
Product: Ivanti Connect Secure
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11005
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11006
CVE-2024-52297 - Tolgee 3.81.1 publicly exposed all configuration properties in the PublicConfigurationDTO, but this vulnerability is fixed in v3.81.2.
Product: Tolgee
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52297
NVD References:
- https://github.com/tolgee/tolgee-platform/pull/2689/files
- https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-3wr3-889v-pgcj
CVE-2024-10943 - Rockwell Automation FactoryTalk® Updater – Web Client is vulnerable to an authentication bypass due to shared secrets, allowing a threat actor to impersonate a user by enumerating additional information during authentication.
Product: Rockwell Automation FactoryTalk® Updater – Web ClientCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10943NVD References: - https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD%201710.html- https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.htmlCVE-2024-49369 - Icinga's TLS certificate validation flaw in versions 2.4.0 and above allows attackers to impersonate trusted cluster nodes and API users, but has been fixed in versions 2.14.3, 2.13.10, 2.12.11, and 2.11.12.Product: Icinga 2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49369NVD References: - https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv- https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3CVE-2024-43498 - .NET and Visual Studio Remote Code Execution VulnerabilityProduct: Microsoft .NetCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43498NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498CVE-2024-43602 - Azure CycleCloud Remote Code Execution VulnerabilityProduct: Microsoft Azure CyclecloudCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43602NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602CVE-2024-43639 - Windows Kerberos Remote Code Execution VulnerabilityProduct: Microsoft Windows Server 2012CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43639NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639CVE-2024-8068 & CVE-2024-8069 - Citrix Session Recording vulnerabilities allow privilege escalation to NetworkService Account access (CVE-2024-8068) and Limited remote code execution with privilege of a NetworkService Account access (CVE-2024-8069)Product: Citrix Session RecordingCVSS Score: 8.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8068NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8069ISC Podcast: https://isc.sans.edu/podcastdetail/9224NVD References: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_USCVE-2023-52268 - FreeScout's End-User Portal module before version 1.0.65 allows attackers to authenticate as any user by sending a session token to the /auth endpoint.Product: FreeScout End-User PortalCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52268NVD References: - https://freescout.net/module/end-user-portal/- https://freescout.net/modules-faq/- https://github.com/squ1dw3rm/CVE-2023-52268CVE-2024-10575 - Schneider-Electric EcoStruxure IT Gateway has a missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.Product: Schneider-Electric EcoStruxure IT GatewayCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10575NVD References: https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdfCVE-2024-21541 - Dom-iterator is vulnerable to Arbitrary Code Execution by using the Function constructor without thorough input sanitization, leading to risks similar to allowing attacker-controlled input to reach eval.Product: Matthewmueller Dom-IteratorCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21541NVD References: https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199CVE-2022-45157 - Rancher is storing vSphere CPI and CSI passwords in plaintext, exposing them to potential security risks for users deploying clusters in vSphere environments.Product: Rancher vSphereCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45157NVD References: - https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-45157- https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8vCVE-2024-48510 - DotNetZip v.1.16.0 and before is susceptible to a Directory Traversal vulnerability, potentially allowing a remote attacker to execute arbitrary code.Product: Dotnetzip.Semverd_Project Dotnetzip.Semverd CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48510NVD References: - https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731- https://github.com/haf/DotNetZip.Semverd- https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/- https://www.nuget.org/packages/DotNetZip/CVE-2024-52300 - Macro-pdfviewer is susceptible to XSS attacks through the width parameter, allowing a user with page editing capabilities to compromise the XWiki installation.Product: Xwiki PDF Viewer MacroCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52300NVD References: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6gCVE-2024-52306 - FileManager allows remote code execution through deserialization of untrusted data from the mimes parameter in versions prior to 3.0.9.Product: Backpackforlaravel FilemanagerCVSS Score: 9.8NVD: htt…
CVE-2024-43498 - .NET and Visual Studio Remote Code Execution Vulnerability
Product: Microsoft .Net
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43498
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498
CVE-2024-43602 - Azure CycleCloud Remote Code Execution Vulnerability
Product: Microsoft Azure Cyclecloud
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43602
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602
CVE-2024-43639 - Windows Kerberos Remote Code Execution Vulnerability
Product: Microsoft Windows Server 2012
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43639
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639
CVE-2024-8068 & CVE-2024-8069 - Citrix Session Recording vulnerabilities allow privilege escalation to NetworkService Account access (
Product: Citrix Session Recording
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8068
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8069
ISC Podcast: https://isc.sans.edu/podcastdetail/9224
NVD References: https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
CVE-2023-52268 - FreeScout's End-User Portal module before version 1.0.65 allows attackers to authenticate as any user by sending a session token to the /auth endpoint.
Product: FreeScout End-User Portal
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-52268
NVD References:
- https://freescout.net/module/end-user-portal/
CVE-2024-10575 - Schneider-Electric EcoStruxure IT Gateway has a missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
Product: Schneider-Electric EcoStruxure IT Gateway
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10575
NVD References: https://download.schneider-electric.com/doc/SEVD-2024-317-04/SEVD-2024-317-04.pdf
CVE-2024-21541 - Dom-iterator is vulnerable to Arbitrary Code Execution by using the Function constructor without thorough input sanitization, leading to risks similar to allowing attacker-controlled input to reach eval.
Product: Matthewmueller Dom-Iterator
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21541
NVD References: https://security.snyk.io/vuln/SNYK-JS-DOMITERATOR-6157199
CVE-2022-45157 - Rancher is storing vSphere CPI and CSI passwords in plaintext, exposing them to potential security risks for users deploying clusters in vSphere environments.
Product: Rancher vSphereCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-45157NVD References: - https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-45157- https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8vCVE-2024-48510 - DotNetZip v.1.16.0 and before is susceptible to a Directory Traversal vulnerability, potentially allowing a remote attacker to execute arbitrary code.Product: Dotnetzip.Semverd_Project Dotnetzip.Semverd CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48510NVD References: - https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731- https://github.com/haf/DotNetZip.Semverd- https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/- https://www.nuget.org/packages/DotNetZip/CVE-2024-52300 - Macro-pdfviewer is susceptible to XSS attacks through the width parameter, allowing a user with page editing capabilities to compromise the XWiki installation.Product: Xwiki PDF Viewer MacroCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52300NVD References: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6gCVE-2024-52306 - FileManager allows remote code execution through deserialization of untrusted data from the mimes parameter in versions prior to 3.0.9.Product: Backpackforlaravel FilemanagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52306NVD References: - https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b- https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2CVE-2024-50306 - Apache Traffic Server is vulnerable to privilege retention on startup due to unchecked return values in versions 9.2.0 through 9.2.5 and 10.0.0 through 10.0.1, prompting users to upgrade to versions 9.2.6 or 10.0.2 for a fix.Product: Apache Traffic ServerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50306NVD References: https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0yCVE-2024-47208 - Apache OFBiz is vulnerable to SSRF and Code Injection attacks before version 18.12.17, prompting users to upgrade to the latest release for a fix.Product: Apache OFBizCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47208NVD References: - https://issues.apache.org/jira/browse/OFBIZ-13158- https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11- https://ofbiz.apache.org/download.html- https://ofbiz.apache.org/security.htmlCVE-2024-52316 - Apache Tomcat is vulnerable to an Unchecked Error Condition that may allow users to bypass authentication in certain configurations.Product: Apache TomcatCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52316NVD References: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928CVE-2024-11209 - Apereo CAS 6.6 has a critical vulnerability in the 2FA component that allows for improper authentication through remote attack initiation, despite vendor notification.Product: Apereo Central Authentication ServiceCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11209NVD References: https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562CVE-2024-37285 - Kibana is vulnerable to a deserialization issue that can allow arbitrary code execution under specific Elasticsearch indices and Kibana privileges.Product: Elastic KibanaCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37285NVD References: https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119CVE-2024-50823 & CVE-2024-50833 - KASHIPARA E-learning Management System Project 1.0 SQL Injection VulnerabilitiesProduct: Lopalopa E-Learning Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50823NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50833NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20login%20page.pdfNVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20login.pdfCVE-2024-4343 - The `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0, is susceptible to a Python command injection vulnerability that can allow an attacker to execute arbitrary commands on the system hosting the application.Product: imartinez privategptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4343NVD References: - https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9- https://huntr.com/bounties/1d1e8f06-ec45-4b17-ae24-b83a41304c15CVE-2024-9832 - Ventilator allows unlimited failed login attempts, potentially enabling unauthorized access and disruption of device function or information disclosure through a brute-force attack.Product: Medtronic Newport HT70 and HT70 Plus…
CVE-2024-48510 - DotNetZip v.1.16.0 and before is susceptible to a Directory Traversal vulnerability, potentially allowing a remote attacker to execute arbitrary code.
Product: Dotnetzip.Semverd_Project Dotnetzip.Semverd
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48510
NVD References:
- https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731
- https://github.com/haf/DotNetZip.Semverd
- https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/
CVE-2024-52300 - Macro-pdfviewer is susceptible to XSS attacks through the width parameter, allowing a user with page editing capabilities to compromise the XWiki installation.
Product: Xwiki PDF Viewer Macro
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52300
NVD References: https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g
CVE-2024-52306 - FileManager allows remote code execution through deserialization of untrusted data from the mimes parameter in versions prior to 3.0.9.
Product: Backpackforlaravel Filemanager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52306
NVD References:
- https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b
- https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2
CVE-2024-50306 - Apache Traffic Server is vulnerable to privilege retention on startup due to unchecked return values in versions 9.2.0 through 9.2.5 and 10.0.0 through 10.0.1, prompting users to upgrade to versions 9.2.6 or 10.0.2 for a fix.
Product: Apache Traffic Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50306
NVD References: https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
CVE-2024-47208 - Apache OFBiz is vulnerable to SSRF and Code Injection attacks before version 18.12.17, prompting users to upgrade to the latest release for a fix.
Product: Apache OFBiz
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47208
NVD References:
- https://issues.apache.org/jira/browse/OFBIZ-13158
- https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11
CVE-2024-52316 - Apache Tomcat is vulnerable to an Unchecked Error Condition that may allow users to bypass authentication in certain configurations.
Product: Apache Tomcat
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52316
NVD References: https://lists.apache.org/thread/lopzlqh91jj9n334g02om08sbysdb928
CVE-2024-11209 - Apereo CAS 6.6 has a critical vulnerability in the 2FA component that allows for improper authentication through remote attack initiation, despite vendor notification.
Product: Apereo Central Authentication ServiceCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11209NVD References: https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562CVE-2024-37285 - Kibana is vulnerable to a deserialization issue that can allow arbitrary code execution under specific Elasticsearch indices and Kibana privileges.Product: Elastic KibanaCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37285NVD References: https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119CVE-2024-50823 & CVE-2024-50833 - KASHIPARA E-learning Management System Project 1.0 SQL Injection VulnerabilitiesProduct: Lopalopa E-Learning Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50823NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50833NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20login%20page.pdfNVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20login.pdfCVE-2024-4343 - The `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0, is susceptible to a Python command injection vulnerability that can allow an attacker to execute arbitrary commands on the system hosting the application.Product: imartinez privategptCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4343NVD References: - https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9- https://huntr.com/bounties/1d1e8f06-ec45-4b17-ae24-b83a41304c15CVE-2024-9832 - Ventilator allows unlimited failed login attempts, potentially enabling unauthorized access and disruption of device function or information disclosure through a brute-force attack.Product: Medtronic Newport HT70 and HT70 Plus VentilatorsCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9832NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-9834 - Ventilator's serial interface lacks proper data protection, allowing attackers to access and manipulate device settings and leak confidential information.Product: Medtronic VentilatorCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9834NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48966 - The ventilator's software tools lack user authentication, allowing an attacker with access to the Service PC to obtain diagnostic information or manipulate settings without authentication, potentially leading to unauthorized disclosure or unintended impacts on device performance.Product: Medtronic VentilatorCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48966NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48967 - The ventilator and Service PC have inadequate audit logging, enabling attackers to modify settings without detection and potentially compromise patient data and device functionality.Product: Philips Respironics Trilogy ventilator CVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48967NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48970 - The ventilator has a vulnerability where an attacker could access the internal JTAG interface to disrupt its function and potentially disclose sensitive information.Product: Philips Respironics V60 Ventilator CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48970NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48971 - Ventilator's hard-coded Clinician Password and Serial Number Clinician Password could be exploited by attackers to gain unauthorized access with clinician privileges.Product: Medtronic PB560 VentilatorCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48971NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48973 - The ventilator's debug port is enabled by default, potentially exposing sensitive information and allowing for unauthorized access and manipulation of device settings.Product: Medtronic VentilatorCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48973NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-48974 - The ventilator is vulnerable to unauthorized changes and compromised functionality due to a lack of proper file integrity checks when adopting firmware updates.Product: Medtronic Ventilator CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48974NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01CVE-2024-11120 - GeoVision devices are vulnerable to OS Command Injection, allowing remote attackers to execute arbitrary commands, with confirmed report…
CVE-2024-50823 & CVE-2024-50833 - KASHIPARA E-learning Management System Project 1.0 SQL Injection Vulnerabilities
Product: Lopalopa E-Learning Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50823
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50833
NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20login%20page.pdf
NVD References: https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20login.pdf
CVE-2024-4343 - The `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0, is susceptible to a Python command injection vulnerability that can allow an attacker to execute arbitrary commands on the system hosting the application.
Product: imartinez privategpt
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4343
NVD References:
- https://github.com/imartinez/privategpt/commit/86368c61760c9cee5d977131d23ad2a3e063cbe9
- https://huntr.com/bounties/1d1e8f06-ec45-4b17-ae24-b83a41304c15
CVE-2024-9832 - Ventilator allows unlimited failed login attempts, potentially enabling unauthorized access and disruption of device function or information disclosure through a brute-force attack.
Product: Medtronic Newport HT70 and HT70 Plus Ventilators
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9832
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-9834 - Ventilator's serial interface lacks proper data protection, allowing attackers to access and manipulate device settings and leak confidential information.
Product: Medtronic Ventilator
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9834
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48966 - The ventilator's software tools lack user authentication, allowing an attacker with access to the Service PC to obtain diagnostic information or manipulate settings without authentication, potentially leading to unauthorized disclosure or unintended impacts on device performance.
Product: Medtronic Ventilator
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48966
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48967 - The ventilator and Service PC have inadequate audit logging, enabling attackers to modify settings without detection and potentially compromise patient data and device functionality.
Product: Philips Respironics Trilogy ventilator
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48967
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48970 - The ventilator has a vulnerability where an attacker could access the internal JTAG interface to disrupt its function and potentially disclose sensitive information.
Product: Philips Respironics V60 Ventilator
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48970
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48971 - Ventilator's hard-coded Clinician Password and Serial Number Clinician Password could be exploited by attackers to gain unauthorized access with clinician privileges.
Product: Medtronic PB560 Ventilator
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48971
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48973 - The ventilator's debug port is enabled by default, potentially exposing sensitive information and allowing for unauthorized access and manipulation of device settings.
Product: Medtronic Ventilator
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48973
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-48974 - The ventilator is vulnerable to unauthorized changes and compromised functionality due to a lack of proper file integrity checks when adopting firmware updates.
Product: Medtronic Ventilator
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48974
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
CVE-2024-11120 - GeoVision devices are vulnerable to OS Command Injection, allowing remote attackers to execute arbitrary commands, with confirmed reports of exploitation.
Product: GeoVision EOL GeoVision devices
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11120
NVD References:
CVE-2021-3838 - DomPDF before version 2.0.0 is vulnerable to PHAR deserialization, allowing for remote code execution by passing in the phar:// protocol to unserialize uploaded files.
Product: Dompdf Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-3838
NVD References:
- https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
- https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
CVE-2021-3902 - dompdf/dompdf's SVG parser is vulnerable to XXE, allowing attackers to exploit SSRF and deserialization attacks, affecting all versions before 2.0.0.
Product: Dompdf Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-3902
NVD References:
- https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799
- https://huntr.com/bounties/a6071c07-806f-429a-8656-a4742e4191b1
CVE-2022-1884 - Gogs/gogs versions <=0.12.7 on Windows servers is vulnerable to remote command execution through improper validation of the `tree_path` parameter during file uploads.
Product: Gogs
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-1884
NVD References: https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b
CVE-2024-10443 - Synology BeePhotos and Synology Photos are vulnerable to remote code execution due to improper neutralization of special elements, allowing attackers to execute arbitrary code through unspecified vectors.
Product: Synology Photos
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10443
NVD References:
- https://www.synology.com/en-global/security/advisory/Synology_SA_24_18
- https://www.synology.com/en-global/security/advisory/Synology_SA_24_19
CVE-2024-10534 - Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) are vulnerable to Traffic Injection before 2024.
Product: Dataprom Personnel Attendance Control Systems \\/ Access Control Security Systems
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10534
NVD References: https://www.usom.gov.tr/bildirim/tr-24-1856
CVE-2024-11237 - TP-Link VN020 F3v(T) TT_V6.2.1021 has a critical stack-based buffer overflow vulnerability in its DHCP DISCOVER Packet Parser component, allowing for remote attacks using a manipulated hostname argument.
Product: TP-Link VN020 F3v(T)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11237
NVD References:
- https://github.com/Zephkek/TP-Thumper
CVE-2023-20154 - Cisco Modeling Labs has a vulnerability in its external authentication mechanism allowing unauthenticated attackers to access the web interface with administrative privileges.
Product: Cisco Modeling Labs
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20154
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5
CVE-2023-20036 - Cisco IND contains a vulnerability in the web UI that could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.
Product: Cisco IND
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-20036
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V
CVE-2024-45970 & CVE-2024-45971 - MZ Automation LibIEC61850 is vulnerable to multiple buffer overflows in the MMS Client, allowing a malicious server to trigger a stack-based buffer overflow through the MMS FileDirResponse message.
Product: MZ Automation LibIEC61850
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45970
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45971
NVD References:
- https://encs.eu/news/critical-security-vulnerabilities-discovered-in-mz-automations-mms-client/
- https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc
- https://github.com/mz-automation/libiec61850/commit/1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0
CVE-2024-10934 - OpenBSD may experience mbuf double free issues and uninitialized variables in NFS client and server implementation.
Product: OpenBSD
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10934
NVD References:
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig
CVE-2024-11263 - Vulnerable product enables Global Pointer relative addressing, causing the gp reg to point at 0x800 bytes past start of the .sdata section for linker relaxation.
Product: RISC-V
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11263
NVD References: https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9
CVE-2023-43091 - GNOME Maps is vulnerable to a code injection attack via its service.json configuration file, allowing for the execution of arbitrary code if the configuration file is malicious.
Product: GNOME Maps
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-43091
NVD References:
- https://bugzilla.redhat.com/show_bug.cgi?id=2239091
- https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
CVE-2015-20111 - Bitcoin Core before 0.12 and other products are vulnerable to buffer overflows due to lack of checks for snprintf return values, potentially leading to significant data leaks and remote code execution.
Product: miniupnp Bitcoin Core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2015-20111
NVD References:
- https://bitcoincore.org/en/2024/07/03/disclose_upnp_rce/
- https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
- https://github.com/miniupnp/miniupnp/commit/4c90b87ce3d2517097880279e8c3daa7731100e6
CVE-2024-11311 through CVE-2024-11315 - The DVC from TRCore is vulnerable to path traversal and unrestricted file uploads, allowing remote attackers to upload arbitrary files for potential code execution.
Product: TRCore DVC
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11311
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11312
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11313
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11314
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11315
NVD References: https://www.twcert.org.tw/en/cp-139-8247-83457-2.html
NVD References: https://www.twcert.org.tw/tw/cp-132-8246-d462a-1.html
NVD References: https://www.twcert.org.tw/en/cp-139-8249-65252-2.html
NVD References: https://www.twcert.org.tw/en/cp-139-8251-3455e-2.html
NVD References: https://www.twcert.org.tw/tw/cp-132-8250-1837b-1.html
NVD References: https://www.twcert.org.tw/en/cp-139-8253-bc363-2.html
NVD References: https://www.twcert.org.tw/tw/cp-132-8252-91d6a-1.html
NVD References: https://www.twcert.org.tw/en/cp-139-8255-0bb1a-2.html
NVD References: https://www.twcert.org.tw/tw/cp-132-8254-8daa2-1.html
CVE-2024-42383 - Cesanta Mongoose Web Server v7.14 allows attackers to write a NULL byte value beyond the memory space dedicated for the hostname field.
Product: Cesanta Mongoose
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42383
NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42383
CVE-2024-11319 - django-cms Association django-cms is vulnerable to XSS due to improper neutralization of input during web page generation, impacting versions 3.11.7, 3.11.8, 4.1.2, and 4.1.3.
Product: django CMS Association
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11319
NVD References:
- https://github.com/django-cms/django-cms/commit/241d1cbe47a68f5d271ce4d27ad5e32e2c360ec3
- https://www.django-cms.org/en/blog/2024/11/13/django-cms-security-update/
CVE-2024-47533 - Cobbler has an improper authentication vulnerability in versions 3.0.0 and prior, allowing unauthorized access to the server.
Product: Cobbler
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47533
NVD References:
- https://github.com/cobbler/cobbler/commit/32c5cada013dc8daa7320a8eda9932c2814742b0
- https://github.com/cobbler/cobbler/commit/e19717623c10b29e7466ed4ab23515a94beb2dda
- https://github.com/cobbler/cobbler/security/advisories/GHSA-m26c-fcgh-cp6h
CVE-2024-50919 - Jpress v5.1.1 allows for arbitrary file uploads and non-standard file format execution on Windows platforms.
Product: JPress
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50919
NVD References:
- https://gist.github.com/microvorld/516552dcef65acc2d1ab0fb969cd34a3
- https://github.com/JPressProjects/jpress
- https://github.com/microvorld/CVE-2024/blob/main/jpress.md
CVE-2024-51053 - AVSCMS v8.2.0 is vulnerable to arbitrary file upload, allowing attackers to execute arbitrary code by uploading a crafted file.
Product: AVSCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51053
NVD References: https://binqqer.com/posts/CVE-2024-51053/
CVE-2024-51051 - AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
Product: No vendor name provided AVSCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51051
NVD References:
- https://binqqer.com/posts/CVE-2024-51051/
- https://github.com/avscms/avscms/blob/main/include/config.local.php
CVE-2024-42450 - The Versa Director vulnerability allows unauthenticated attackers to access and administer the database or read local filesystem contents, potentially escalating privileges on the system.
Product: Versa Networks Versa DirectorCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42450NVD References: https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3CVE-2024-10820 - The WooCommerce Upload Files plugin for WordPress allows unauthenticated attackers to upload arbitrary files on the affected site's server, leading to potential remote code execution.Product: Vanquish Woocommerce Upload FilesActive Installations: unknownCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10820NVD References: - https://codecanyon.net/item/woocommerce-upload-files/11442983- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cveCVE-2024-10828 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.5.5, allowing unauthenticated attackers to inject a PHP Object and potentially execute remote code.Product: Algolplus Advanced Order Export For WoocommerceActive Installations: 100,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10828NVD References: - https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/PHPExcel/Shared/XMLWriter.php#L83- https://plugins.trac.wordpress.org/browser/woo-order-export-lite/trunk/classes/core/trait-woe-core-extractor.php#L996- https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cveCVE-2024-11150 - The WordPress User Extra Fields plugin is vulnerable to arbitrary file deletion leading to possible remote code execution.Product: Vanquish User Extra FieldsActive Installations: unknownCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11150NVD References: - https://codecanyon.net/item/user-extra-fields/12949844- https://www.wordfence.com/threat-intel/vulnerabilities/id/ad39d797-9230-41d9-a335-864845b56aa0?source=cveCVE-2024-11028 - The MultiManager WP plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to impersonate any existing user up to version 1.0.5.Product: Icdsoft Multimanager WPActive Installations: 1,000+CVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11028NVD References: - https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp- https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp- https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp- https://www.wordfence.com/threat-intel/vulnerabilities/id/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cveCVE-2024-10571 - The Chartify WordPress Chart Plugin is vulnerable to Local File Inclusion up to version 2.9.5, allowing unauthenticated attackers to execute arbitrary files on the server and potentially access sensitive data or gain code execution.Product: Ays-Pro ChartifyActive Installations: 2,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10571NVD References: - https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238- https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cveCVE-2024-10924 - The Really Simple Security plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1, allowing unauthenticated attackers to log in as any existing user on the site.Product: Really Simple Plugins Really Simple SecurityActive Installations: 4+ millionCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10924NVD References: - https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L277- https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L278- https://plugins.trac.wordpress.org/browser/really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php#L67- https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl- https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/- https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5d05ad-1a7a-43d2-bbbf-597e975446be?source=cveCVE-2024-8856 - The Backup and Staging by WP Time Capsule plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to missing file type validation and direct file access prevention.Product: WP Time Capsule Backup and StagingActive Installations: 20,000+CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8856NVD References: - https://plugins.trac.wordpress.org/browser/wp-time-capsule/trunk/wp-tcapsule-bridge/upload/php/UploadHandler.php- https://plugins.trac.wordpress.org/changeset/3188325/- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153289%40wp-time-capsule&new=3153289%40wp-time-capsul…
CVE-2024-10828 - The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.5.5, allowing unauthenticated attackers to inject a PHP Object and potentially execute remote code.
Product: Algolplus Advanced Order Export For Woocommerce
Active Installations: 100,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10828
NVD References:
CVE-2024-11150 - The WordPress User Extra Fields plugin is vulnerable to arbitrary file deletion leading to possible remote code execution.
Product: Vanquish User Extra Fields
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11150
NVD References:
CVE-2024-11028 - The MultiManager WP plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to impersonate any existing user up to version 1.0.5.
Product: Icdsoft Multimanager WP
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11028
NVD References:
- https://plugins.trac.wordpress.org/changeset/3184657/multimanager-wp
- https://plugins.trac.wordpress.org/changeset/3184678/multimanager-wp
- https://plugins.trac.wordpress.org/changeset/3184826/multimanager-wp
CVE-2024-10571 - The Chartify WordPress Chart Plugin is vulnerable to Local File Inclusion up to version 2.9.5, allowing unauthenticated attackers to execute arbitrary files on the server and potentially access sensitive data or gain code execution.
Product: Ays-Pro Chartify
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10571
NVD References:
CVE-2024-10924 - The Really Simple Security plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1, allowing unauthenticated attackers to log in as any existing user on the site.
Product: Really Simple Plugins Really Simple Security
Active Installations: 4+ million
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10924
NVD References:
- https://plugins.trac.wordpress.org/changeset/3188431/really-simple-ssl
- https://www.wordfence.com/blog/2024/11/really-simple-security-vulnerability/
CVE-2024-8856 - The Backup and Staging by WP Time Capsule plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code due to missing file type validation and direct file access prevention.
Product: WP Time Capsule Backup and Staging
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8856
NVD References:
CVE-2024-52372 - WebTechGlobal Easy CSV Importer BETA allows for unrestricted upload of dangerous file types, putting web servers at risk of being compromised by uploading web shells.
Product: WebTechGlobal Easy CSV Importer BETA
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-52373 - Devexhub Gallery allows unrestricted upload of dangerous file types, enabling malicious users to upload a web shell to a web server.
Product: Team Devexhub Gallery
Active Installations: This plugin has been closed as of November 8, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 10.0
CVE-2024-52374 - Do That Task allows for the unrestricted upload of dangerous file types, posing a risk of uploading a web shell to a web server.
Product: DoThatTask Do That Task
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52374
NVD References: https://patchstack.com/database/vulnerability/do-that-task/wordpress-do-that-task-plugin-1-5-5-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52375 - Arttia Creative Datasets Manager by Arttia Creative allows for unrestricted upload of files with dangerous types, making it vulnerable from n/a through 1.5.
Product: Arttia Creative Datasets Manager
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-52376 - Boat Rental Plugin for WordPress allows unrestricted upload of dangerous file types, enabling attackers to upload web shells to a web server.
Product: cmsMinds Boat Rental Plugin
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-52379 - kineticPay for WooCommerce allows for unrestricted upload of dangerous file types, potentially enabling the upload of a web shell to a web server.
Product: Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52379
CVE-2024-52380 - Picsmize by Softpulse Infotech allows attackers to upload a web shell onto a web server due to a vulnerability in file upload functionality.
Product: Softpulse Infotech Picsmize
******Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52380
NVD References: https://patchstack.com/database/vulnerability/picsmize/wordpress-picsmize-plugin-1-0-0-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52382 - Matix Popup Builder by Medma Technologies allows Privilege Escalation through Missing Authorization, affecting versions from n/a to 1.0.0.
Product: Medma Technologies Matix Popup Builder
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52382
CVE-2024-52384 - Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Active Installations: This plugin has been closed as of November 6, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52384
CVE-2024-52393 - Podlove Podcast Publisher is vulnerable to improper neutralization of special elements used in a template engine, impacting versions from n/a through 4.1.15.
Product: Podlove Podcast Publisher
Active Installations: 5,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52393
CVE-2024-52369 - Optimal Access Inc. KBucket allows attackers to upload a malicious web shell to a web server due to an unrestricted file upload vulnerability.
Product: Optimal Access Inc. KBucket
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52369
NVD References: https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52399 - Clarisse K. Writer Helper allows unrestricted file upload of dangerous types, potentially enabling attackers to upload a web shell onto a web server.
Product: Clarisse Writer Helper
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52399
NVD References: https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52400 - Gallerio allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server, impacting versions from n/a through 1.01.
Product: Subhasis Laha Gallerio
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52400
NVD References: https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52403 - WPExperts User Management is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload web shells onto a web server from version n/a through 1.1.
Product: WPExperts User Management
Active Installations: This plugin has been closed as of November 4, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52403
NVD References: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52404 - Bigfive CF7 Reply Manager allows for the unrestricted upload of files with dangerous types, affecting versions n/a through 1.2.3.
Product: Bigfive CF7 Reply Manager
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52404
CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Bikram Joshi B-Banner Slider
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405
NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.
Product: Wibergs Web CSV to html
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406
NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.
Product: codeSavory BasePress Migration Tools
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407
CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.
Product: PushAssist Team PushAssist Push Notifications for WordPress
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52382 - Matix Popup Builder by Medma Technologies allows Privilege Escalation through Missing Authorization, affecting versions from n/a to 1.0.0.
Product: Medma Technologies Matix Popup Builder
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-52384 - Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation
Active Installations: This plugin has been closed as of November 6, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52384
CVE-2024-52393 - Podlove Podcast Publisher is vulnerable to improper neutralization of special elements used in a template engine, impacting versions from n/a through 4.1.15.
Product: Podlove Podcast Publisher
Active Installations: 5,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52393
CVE-2024-52369 - Optimal Access Inc. KBucket allows attackers to upload a malicious web shell to a web server due to an unrestricted file upload vulnerability.
Product: Optimal Access Inc. KBucket
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52369
NVD References: https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52399 - Clarisse K. Writer Helper allows unrestricted file upload of dangerous types, potentially enabling attackers to upload a web shell onto a web server.
Product: Clarisse Writer Helper
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52399
NVD References: https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52400 - Gallerio allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server, impacting versions from n/a through 1.01.
Product: Subhasis Laha Gallerio
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52400
NVD References: https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52403 - WPExperts User Management is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload web shells onto a web server from version n/a through 1.1.
Product: WPExperts User Management
Active Installations: This plugin has been closed as of November 4, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52403
NVD References: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52404 - Bigfive CF7 Reply Manager allows for the unrestricted upload of files with dangerous types, affecting versions n/a through 1.2.3.
Product: Bigfive CF7 Reply Manager
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52404
CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Bikram Joshi B-Banner Slider
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405
NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.
Product: Wibergs Web CSV to html
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406
NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.
Product: codeSavory BasePress Migration Tools
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407
CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.
Product: PushAssist Team PushAssist Push Notifications for WordPress
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52369 - Optimal Access Inc. KBucket allows attackers to upload a malicious web shell to a web server due to an unrestricted file upload vulnerability.
Product: Optimal Access Inc. KBucket
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52369
NVD References: https://patchstack.com/database/vulnerability/kbucket/wordpress-kbucket-plugin-4-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52399 - Clarisse K. Writer Helper allows unrestricted file upload of dangerous types, potentially enabling attackers to upload a web shell onto a web server.
Product: Clarisse Writer Helper
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52399
NVD References: https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52400 - Gallerio allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server, impacting versions from n/a through 1.01.
Product: Subhasis Laha Gallerio
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52400
NVD References: https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52403 - WPExperts User Management is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload web shells onto a web server from version n/a through 1.1.
Product: WPExperts User Management
Active Installations: This plugin has been closed as of November 4, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52403
NVD References: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52404 - Bigfive CF7 Reply Manager allows for the unrestricted upload of files with dangerous types, affecting versions n/a through 1.2.3.
Product: Bigfive CF7 Reply Manager
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52404
CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Bikram Joshi B-Banner Slider
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405
NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.
Product: Wibergs Web CSV to html
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406
NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.
Product: codeSavory BasePress Migration Tools
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407
CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.
Product: PushAssist Team PushAssist Push Notifications for WordPress
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52400 - Gallerio allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server, impacting versions from n/a through 1.01.
Product: Subhasis Laha Gallerio
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52400
NVD References: https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52403 - WPExperts User Management is vulnerable to unrestricted upload of dangerous file types, allowing attackers to upload web shells onto a web server from version n/a through 1.1.
Product: WPExperts User Management
Active Installations: This plugin has been closed as of November 4, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52403
NVD References: https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52404 - Bigfive CF7 Reply Manager allows for the unrestricted upload of files with dangerous types, affecting versions n/a through 1.2.3.
Product: Bigfive CF7 Reply Manager
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52404
CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Bikram Joshi B-Banner Slider
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405
NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.
Product: Wibergs Web CSV to html
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406
NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.
Product: codeSavory BasePress Migration Tools
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407
CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.
Product: PushAssist Team PushAssist Push Notifications for WordPress
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52405 - B-Banner Slider allows unrestricted upload of dangerous file types, enabling attackers to upload a web shell to a web server.
Product: Bikram Joshi B-Banner Slider
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52405
NVD References: https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52406 - Wibergs Web CSV to html allows unauthorized upload of dangerous files, posing a risk of web shell installation on the server from version n/a through 3.04.
Product: Wibergs Web CSV to html
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52406
NVD References: https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-52407 - BasePress Migration Tools allows for unrestricted upload of dangerous file types that could potentially lead to a web server being compromised.
Product: codeSavory BasePress Migration Tools
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52407
CVE-2024-52408 - Push Notifications for WordPress by PushAssist allows unauthorized users to upload dangerous files, potentially leading to the execution of malicious code on the web server.
Product: PushAssist Team PushAssist Push Notifications for WordPress
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52408
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52409
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52410
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52411
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52414
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52397
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52409 - AJAX Random Posts is vulnerable to Deserialization of Untrusted Data, allowing Object Injection through version 0.3.3.
Product: Phan An AJAX Random Posts
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-52410 - Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector allows Object Injection.This issue affects Referrer Detector: from n/a through 4.2.1.0.
Product: Phoenixheart Referrer Detector
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-52411 - Flowcraft UX Design Studio Advanced Personalization is vulnerable to Object Injection through the deserialization of untrusted data, affecting versions from n/a to 1.1.2.
Product: Flowcraft UX Design Studio Advanced Personalization
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-52412 - Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Product: Stephen Cui Xin
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52412
NVD References: https://patchstack.com/database/vulnerability/xin/wordpress-xin-theme-1-0-8-1-php-object-injection-vulnerability?_s_id=cve
CVE-2024-52414 - Anthony Carbon WDES Responsive Mobile Menu is vulnerable to deserialization of untrusted data, allowing object injection from n/a through 5.3.18.
Product: Anthony Carbon WDES Responsive Mobile Menu
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-52416 - Eugen Bobrowski Debug Tool allows unauthorized uploading of a web shell to a web server, impacting versions from n/a through 2.2.
Product: Eugen Bobrowski Debug Tool
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52416
NVD References: https://patchstack.com/database/vulnerability/debug-tool/wordpress-debug-tool-plugin-2-2-remote-code-execution-vulnerability?_s_id=cve
CVE-2024-52397 - Davor Zeljkovic Convert Docx2post allows malicious users to upload a web shell on a web server, putting it at risk of unauthorized access.
Product: Davor Zeljkovic Convert Docx2post
Active Installations: unknown
CVSS Score: 9.1
CVE-2024-52427 - Saso Nikolov Event Tickets with Ticket Scanner, versions 2.3.11 and earlier, is vulnerable to Server Side Include (SSI) Injection due to improper neutralization of special elements in the template engine, potentially exposing sensitive information.
Product: Saso Nikolov Event Tickets with Ticket Scanner
Active Installations: 1,000+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52427
CVE-2024-52429 - Anton Hoelstad WP Quick Setup allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to vulnerable web servers.
Product: Anton Hoelstad WP Quick Setup
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52429
CVE-2024-52430 - Lis Video Gallery is vulnerable to Deserialization of Untrusted Data, allowing Object Injection from n/a through 0.2.1.
Product: Lis Video Gallery
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52430
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52434
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52401
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52431 - Pressaholic WordPress Video Robot - The Ultimate Video Importer is vulnerable to SQL Injection from version n/a through 1.20.0.
Product: Pressaholic WordPress Video Robot
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-52431
NVD References: https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve
CVE-2024-52434 - Popup by Supsystic is vulnerable to Command Injection due to improper neutralization of special elements in the template engine, affecting versions from n/a through 1.10.29.
Product: Popup by Supsystic
Active Installations: 10,000+
CVSS Score: 9.1
CVE-2024-52401 - Hacklog DownloadManager allows a Web Shell to be uploaded to a Web Server via a Cross-Site Request Forgery (CSRF) vulnerability.
Product: Hacklog DownloadManager
Active Installations: unknown
CVSS Score: 9.6
CVE-2024-52402 - Exclusive Content Password Protect in Cliconomics is vulnerable to CSRF, allowing an attacker to upload a web shell to a web server.
Product: Cliconomics Exclusive Content Password Protect
Active Installations: unknown
CVSS Score: 9.6
Sponsors
Sevco Security
Hampered by incomplete visibility of your assets? Inundated with a high volume of vulnerabilities? Overwhelmed with manual prioritization processes? You’re not alone. A staggering 60% of breaches happen because vulnerabilities go unpatched—even when a fix is available. Learn how to shift to a more proactive, risk-based approach to vulnerability management in this white paper.
SANS
Virtual Event: Cloud Security Convergence: How Control Models for A Robust Cloud Security Stack Are Changing | December 6, 1:00 PM ET | As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric. What does cloud security look like in 2024 and beyond? Chances are, you are talking to a set of providers that offer many of these features.
SANS
Virtual Event: Cloud Security Convergence: How Control Models for A Robust Cloud Security Stack Are Changing | December 6, 1:00 PM ET | As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric. What does cloud security look like in 2024 and beyond? Chances are, you are talking to a set of providers that offer many of these features.
SANS
Virtual Event: Cloud Security Convergence: How Control Models for A Robust Cloud Security Stack Are Changing | December 6, 1:00 PM ET | As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric. What does cloud security look like in 2024 and beyond? Chances are, you are talking to a set of providers that offer many of these features.