CVE Database

9306+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2024-49400
9.8 CRITICAL

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match …

Oct 17, 2024
CVE-2024-49322
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through …

Oct 17, 2024
CVE-2024-49318
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0.

Oct 17, 2024
CVE-2024-49314
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue …

Oct 17, 2024
CVE-2024-49305
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects …

Oct 17, 2024
CVE-2024-49291
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.

Oct 17, 2024
CVE-2024-49246
9.3 CRITICAL

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This issue …

Oct 17, 2024
CVE-2024-49217
9.8 CRITICAL

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from …

Oct 17, 2024
CVE-2024-48920
9.1 CRITICAL

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users …

Oct 17, 2024
CVE-2024-10025
9.1 CRITICAL

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, …

Oct 17, 2024
CVE-2024-9263
9.8 CRITICAL

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference …

Oct 17, 2024
CVE-2024-9863
9.8 CRITICAL

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure …

Oct 17, 2024
CVE-2024-9862
9.8 CRITICAL

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is …

Oct 17, 2024
CVE-2024-48180
9.8 CRITICAL

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.

Oct 16, 2024
CVE-2024-9893
9.8 CRITICAL

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to …

Oct 16, 2024
CVE-2024-49260
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection.This issue affects WordPress Gallery …

Oct 16, 2024
CVE-2024-49254
10.0 CRITICAL

Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows Code Injection.This issue affects ajax-extend: from n/a through <= 1.0.

Oct 16, 2024
CVE-2024-49242
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital …

Oct 16, 2024
CVE-2024-49227
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= …

Oct 16, 2024
CVE-2024-49218
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a through <= 1.1.

Oct 16, 2024
CVE-2024-49216
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects …

Oct 16, 2024
CVE-2024-48035
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And Insert acf-images-search-and-insert allows Upload a Web Shell to a Web Server.This …

Oct 16, 2024
CVE-2024-48034
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF Flipbook create-flipbook-from-pdf allows Upload a Web Shell to a Web Server.This …

Oct 16, 2024
CVE-2024-48030
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2.

Oct 16, 2024
CVE-2024-48028
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1.

Oct 16, 2024
CVE-2024-48027
9.9 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This …

Oct 16, 2024
CVE-2024-48026
9.8 CRITICAL

Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0.

Oct 16, 2024
CVE-2024-47649
9.1 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize iconize.This issue affects Iconize: from n/a through <= 1.2.4.

Oct 16, 2024
CVE-2024-49271
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This issue affects Unlimited Elements For …

Oct 16, 2024
CVE-2024-49257
10.0 CRITICAL

Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects …

Oct 16, 2024
CVE-2024-49247
9.8 CRITICAL

Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass.This issue affects BuddyPress Better Registration: from n/a …

Oct 16, 2024
CVE-2024-48042
9.1 CRITICAL

Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through <= …

Oct 16, 2024
CVE-2023-32191
9.9 CRITICAL

When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information …

Oct 16, 2024
CVE-2024-45216
9.8 CRITICAL

Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication …

Oct 16, 2024
CVE-2016-15042
9.8 CRITICAL

The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to …

Oct 16, 2024
CVE-2021-4449
9.8 CRITICAL

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, …

Oct 16, 2024
CVE-2021-4443
9.8 CRITICAL

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. …

Oct 16, 2024
CVE-2020-36837
9.9 CRITICAL

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 …

Oct 16, 2024
CVE-2020-36832
9.8 CRITICAL

The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for …

Oct 16, 2024
CVE-2019-25217
9.8 CRITICAL

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and …

Oct 16, 2024
CVE-2019-25213
9.8 CRITICAL

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation …

Oct 16, 2024
CVE-2018-25105
9.8 CRITICAL

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, …

Oct 16, 2024
CVE-2016-15040
9.8 CRITICAL

The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due …

Oct 16, 2024
CVE-2024-10018
9.8 CRITICAL

Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.

Oct 16, 2024
CVE-2024-9634
9.8 CRITICAL

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 …

Oct 16, 2024
CVE-2024-9105
9.8 CRITICAL

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the …

Oct 16, 2024
CVE-2024-10004
9.1 CRITICAL

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result …

Oct 15, 2024
CVE-2024-9486
9.8 CRITICAL

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine …

Oct 15, 2024
CVE-2024-48782
9.8 CRITICAL

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image …

Oct 15, 2024
CVE-2024-48781
9.8 CRITICAL

An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.

Oct 15, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.