Threat and Vulnerability Intelligence Database

CVE-2024-54292

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection. This issue affects Appsplate: from n/a through 2.1.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54273

Description: Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection. This issue affects Mail Picker: from n/a through 1.0.14.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54262

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Import Export For WooCommerce: from n/a through 1.5.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54261

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection. This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54239

Description: Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation. This issue affects Eyewear prescription form: from n/a through 4.0.18.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54234

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through 5.5.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-11015

Description: The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-10124

Description: The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-54215

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy. This issue affects Revy: from n/a through 1.18.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2024-53822

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)