Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56145 |
Description: Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 4.13.2 or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
CVSS: CRITICAL (9.3) EPSS Score: 0.15%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56059 |
Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56058 |
Description: Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56057 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56054 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56052 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56050 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-54383 |
Description: Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-4996 |
Description: Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.05%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-4995 |
Description: Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
December 19th, 2024 (4 months ago)
|