CVE-2024-54370 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server. This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54369 |
Description: Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Zita Site Builder: from n/a through 1.0.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54368 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection. This issue affects GitSync: from n/a through 1.1.0.
CVSS: CRITICAL (9.6) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54367 |
Description: Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection. This issue affects ForumWP: from n/a through 2.1.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54363 |
Description: Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation. This issue affects Wp NssUser Register: from n/a through 1.0.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54361 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection. This issue affects Instant Appointment: from n/a through 1.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54285 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server. This issue affects SeedProd Pro: from n/a through 6.18.10.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54280 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection. This issue affects WPBookit: from n/a through 1.6.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-54229 |
Description: Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through 2.0.02.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 17th, 2024 (7 months ago)
|
CVE-2024-9290 |
Description: The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 14th, 2024 (7 months ago)
|