Total
21864 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51472 | 2024-04-24 | N/A | 9.8 CRITICAL | ||
Improper Authentication vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through 7.1.9.7. | |||||
CVE-2023-31090 | 2024-04-24 | N/A | 9.9 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. | |||||
CVE-2023-51477 | 2024-04-24 | N/A | 9.8 CRITICAL | ||
Improper Authentication vulnerability in BUDDYBOSS DMCC BuddyBoss Theme allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BuddyBoss Theme: from n/a through 2.4.60. | |||||
CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 29 Eos, Ubuntu Linux, Debian Linux and 26 more | 2024-04-24 | 10.0 HIGH | 9.8 CRITICAL |
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | |||||
CVE-2024-32954 | 2024-04-24 | N/A | 9.1 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |||||
CVE-2024-32836 | 2024-04-24 | N/A | 9.1 CRITICAL | ||
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.11. | |||||
CVE-2024-32948 | 2024-04-24 | N/A | 9.1 CRITICAL | ||
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | |||||
CVE-2024-32659 | 2024-04-24 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | |||||
CVE-2024-32709 | 2024-04-24 | N/A | 9.3 CRITICAL | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |||||
CVE-2024-32658 | 2024-04-24 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. | |||||
CVE-2024-22638 | 1 Livesite | 1 Livesite | 2024-04-23 | N/A | 9.8 CRITICAL |
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. | |||||
CVE-2024-3400 | 1 Paloaltonetworks | 1 Pan-os | 2024-04-23 | N/A | 10.0 CRITICAL |
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. | |||||
CVE-2004-0285 | 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project | 3 Allmyguests, Allmylinks, Allmyvisitors | 2024-04-23 | 7.5 HIGH | 9.8 CRITICAL |
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | |||||
CVE-2022-46966 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2024-04-23 | N/A | 9.8 CRITICAL |
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php. | |||||
CVE-2024-32458 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). | |||||
CVE-2024-32459 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. | |||||
CVE-2024-32041 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. | |||||
CVE-2024-32039 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | |||||
CVE-2024-21511 | 2024-04-23 | N/A | 9.8 CRITICAL | ||
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. | |||||
CVE-2023-33584 | 1 Enrollment System Project | 1 Enrollment System | 2024-04-22 | N/A | 9.8 CRITICAL |
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. |