Total 18194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-48218 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list.
CVE-2024-7774 2 Langchain, Langchain-ai 2 Langchain, Langchain-ai\/langchainjs 2024-10-31 9.1 Critical
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input.
CVE-2024-48226 1 Funadmin 1 Funadmin 2024-10-31 9.8 Critical
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield.
CVE-2024-48225 1 Funadmin 1 Funadmin 2024-10-31 9.1 Critical
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
CVE-2024-50483 2 Meetup, Tareqhasan 2 Meetup, Meetup 2024-10-31 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1.
CVE-2024-50479 1 Mansurahamed 1 Woocommerce Quote Calculator 2024-10-31 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1.
CVE-2024-50478 2 Swoop, Swoopnow 2 1-click Login\, 1-click Login\ 2024-10-31 9.8 Critical
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication: 1.4.5.
CVE-2024-50498 1 Lubus 2 Wp Querey Table, Wp Query Console 2024-10-31 10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
CVE-2024-10440 2 Sun.net, Sunnet 2 Ehdr Ctms, Ehrd Ctms 2024-10-31 9.8 Critical
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
CVE-2024-50477 2 Stacks, Stacksmarket 2 Stacks Mobile App Builder, Stacks Mobile App Builder 2024-10-31 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3.
CVE-2024-50487 1 Maantheme 1 Maanstore Api 2024-10-31 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1.
CVE-2024-50489 2 Realty Workstation, Realtyworkstation 2 Realty Workstation, Realty Workstation 2024-10-31 9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45.
CVE-2024-39205 1 Pyload-ng Project 1 Pyload-ng 2024-10-30 9.8 Critical
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVE-2016-15042 1 Najeebmedia 3 Frontend File Manager, N-media Post Front-end Form, Post Front-end Form 2024-10-30 9.8 Critical
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVE-2024-46538 2 Netgate, Pfsense 2 Pfsense, Pfsense 2024-10-30 9.3 Critical
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
CVE-2024-48465 1 Mrbs 1 Mrbs 2024-10-30 9.8 Critical
The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter
CVE-2018-25105 2 Filemanagerpro, Mndpsingh287 2 File Manager, File Manager 2024-10-30 9.8 Critical
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
CVE-2019-25213 2 Advanced Access Manager Project, Vasyltech 2 Advanced Access Manager, Advanced Access Manager 2024-10-30 9.8 Critical
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
CVE-2021-4449 2 Digitalzoomstudio, Zoomit 2 Zoomsounds, Zoomsounds 2024-10-30 9.8 Critical
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-48357 1 Lylme 1 Lylme Spage 2024-10-30 9.8 Critical
LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php.