Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-56059
WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability
Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56058
WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56057
WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56054
WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56052
WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-56050
WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-54383
WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability
Description: Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-4996
Hardcoded Password in Wapro ERP Desktop
Description: Use of a hard-coded password for a database administrator account created during Wapro ERP&nbsp;installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP&nbsp;installations.&nbsp;This issue affects Wapro ERP Desktop versions before 8.90.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-4995
Protocol Downgrade in Wapro ERP Desktop
Description: Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.&nbsp;This issue affects Wapro ERP Desktop versions before 9.00.0.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
December 19th, 2024 (6 months ago)

CVE-2024-49147
Microsoft Update Catalog Elevation of Privilege Vulnerability
Description: Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.

CVSS: CRITICAL (9.3)

EPSS Score: 0.21%

Source: CVE
December 19th, 2024 (6 months ago)