Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54261 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
CVE-2024-54239 |
Description: Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
CVE-2024-54234 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 14th, 2024 (4 months ago)
|
|
CVE-2024-11015 |
Description: The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-10124 |
Description: The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
December 13th, 2024 (4 months ago)
|
|
CVE-2024-54215 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy.This issue affects Revy: from n/a through 1.18.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-53822 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-43222 |
Description: Missing Authorization vulnerability in Envato Security Team Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 10th, 2024 (4 months ago)
|
|
CVE-2023-32117 |
Description: Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
December 10th, 2024 (4 months ago)
|
|
CVE-2024-12209 |
Description: The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 2.91%
December 9th, 2024 (4 months ago)
|