Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12420 | 2024-12-13 | N/A | 6.5 MEDIUM | ||
| The The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-12417 | 2024-12-13 | N/A | 6.5 MEDIUM | ||
| The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2023-2359 | 1 Themepunch | 1 Slider Revolution | 2024-12-12 | N/A | 8.8 HIGH |
| The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. | |||||
| CVE-2024-42448 | 2024-12-12 | N/A | 9.9 CRITICAL | ||
| From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | |||||
| CVE-2024-21574 | 2024-12-12 | N/A | 10.0 CRITICAL | ||
| The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or URL, resulting in remote code execution (RCE) on the server. | |||||
| CVE-2024-12333 | 2024-12-12 | N/A | 6.5 MEDIUM | ||
| The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-10910 | 2024-12-12 | N/A | 7.3 HIGH | ||
| The The Grid Plus – Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-48453 | 2024-12-12 | N/A | 9.8 CRITICAL | ||
| An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function | |||||
| CVE-2024-12350 | 1 Jwillber | 1 Jfinalcms | 2024-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-35853 | 1 Oisf | 1 Suricata | 2024-12-11 | N/A | 9.8 CRITICAL |
| In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section. | |||||
| CVE-2022-38946 | 2024-12-11 | N/A | 9.8 CRITICAL | ||
| Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. | |||||
| CVE-2024-12359 | 1 Code-projects | 1 Admin Dashboard | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. | |||||
| CVE-2024-12001 | 1 Anisha | 1 Wazifa System | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-12000 | 1 Code-projects | 1 Blood Bank System | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2020-20918 | 1 Pluck-cms | 1 Pluck | 2024-12-10 | N/A | 7.2 HIGH |
| An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. | |||||
| CVE-2024-11243 | 1 Code-projects | 1 Online Shop Store | 2024-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12180 | 1 Dedecms | 1 Dedecms | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-22123 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 2.7 LOW |
| Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | |||||
| CVE-2024-12181 | 1 Dedecms | 1 Dedecms | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12182 | 1 Dedecms | 1 Dedecms | 2024-12-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||