Total
21799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51482 | | | 2024-04-25 | N/A | 9.9 CRITICAL |
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2. | |||||
CVE-2023-51484 | | | 2024-04-25 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in wp-buy Login as User or Customer (User Switching) allows Privilege Escalation. This issue affects Login as User or Customer (User Switching): from n/a through 3.8. | |||||
CVE-2024-30560 | | | 2024-04-25 | N/A | 9.6 CRITICAL |
Cross-Site Request Forgery (CSRF) vulnerability in ??WP DX-Watermark. This issue affects DX-Watermark: from n/a through 1.0.4. | |||||
CVE-2024-31380 | | | 2024-04-25 | N/A | 9.9 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. This issue affects Oxygen Builder: from n/a through 4.8.2. | |||||
CVE-2023-51425 | | | 2024-04-24 | N/A | 9.8 CRITICAL |
Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation. This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | |||||
CVE-2023-51472 | | | 2024-04-24 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | |||||
CVE-2023-31090 | | | 2024-04-24 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. | |||||
CVE-2023-51477 | | | 2024-04-24 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyBoss Theme: from n/a through 2.4.60. | |||||
CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 29 Eos, Ubuntu Linux, Debian Linux and 26 more | 2024-04-24 | 10.0 HIGH | 9.8 CRITICAL |
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | |||||
CVE-2024-32954 | | | 2024-04-24 | N/A | 9.1 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.5. | |||||
CVE-2024-32836 | | | 2024-04-24 | N/A | 9.1 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay. This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. | |||||
CVE-2024-32948 | | | 2024-04-24 | N/A | 9.1 CRITICAL |
Missing Authorization vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.28. | |||||
CVE-2024-32659 | | | 2024-04-24 | N/A | 9.8 CRITICAL |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | |||||
CVE-2024-32709 | | | 2024-04-24 | N/A | 9.3 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall. This issue affects WP-Recall: from n/a through 16.26.5. | |||||
CVE-2024-32658 | | | 2024-04-24 | N/A | 9.8 CRITICAL |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | |||||
CVE-2024-22638 | 1 Livesite | 1 Livesite | 2024-04-23 | N/A | 9.8 CRITICAL |
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. | |||||
CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-04-23 | N/A | 10.0 CRITICAL |
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
CVE-2004-0285 | 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project | 3 Allmyguests, Allmylinks, Allmyvisitors | 2024-04-23 | 7.5 HIGH | 9.8 CRITICAL |
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | |||||
CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-04-23 | N/A | 9.8 CRITICAL |
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | |||||
CVE-2024-32458 | | | 2024-04-23 | N/A | 9.8 CRITICAL |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). |