Total: 18194 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48218 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical |
Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. | ||||
CVE-2024-7774 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain-ai/langchainjs | 2024-10-31 | 9.1 Critical |
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | ||||
CVE-2024-48226 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical |
Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. | ||||
CVE-2024-48225 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.1 Critical |
Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. | ||||
CVE-2024-50483 | 2 Meetup, Tareqhasan | 2 Meetup, Meetup | 2024-10-31 | 9.8 Critical |
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1. | ||||
CVE-2024-50479 | 1 Mansurahamed | 1 Woocommerce Quote Calculator | 2024-10-31 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1. | ||||
CVE-2024-50478 | 2 Swoop, Swoopnow | 2 1-click Login, 1-click Login | 2024-10-31 | 9.8 Critical |
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication: 1.4.5. | ||||
CVE-2024-50498 | 1 Lubus | 2 Wp Querey Table, Wp Query Console | 2024-10-31 | 10 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection. This issue affects WP Query Console: from n/a through 1.0. | ||||
CVE-2024-10440 | 2 Sun.net, Sunnet | 2 Ehdr Ctms, Ehrd Ctms | 2024-10-31 | 9.8 Critical |
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
CVE-2024-50477 | 2 Stacks, Stacksmarket | 2 Stacks Mobile App Builder, Stacks Mobile App Builder | 2024-10-31 | 9.8 Critical |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | ||||
CVE-2024-50487 | 1 Maantheme | 1 Maanstore Api | 2024-10-31 | 9.8 Critical |
Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass. This issue affects MaanStore API: from n/a through 1.0.1. | ||||
CVE-2024-50489 | 2 Realty Workstation, Realtyworkstation | 2 Realty Workstation, Realty Workstation | 2024-10-31 | 9.8 Critical |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass. This issue affects Realty Workstation: from n/a through 1.0.45. | ||||
CVE-2024-39205 | 1 Pyload-ng Project | 1 Pyload-ng | 2024-10-30 | 9.8 Critical |
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. | ||||
CVE-2016-15042 | 1 Najeebmedia | 3 Frontend File Manager, N-media Post Front-end Form, Post Front-end Form | 2024-10-30 | 9.8 Critical |
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | ||||
CVE-2024-46538 | 2 Netgate, Pfsense | 2 Pfsense, Pfsense | 2024-10-30 | 9.3 Critical |
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | ||||
CVE-2024-48465 | 1 Mrbs | 1 Mrbs | 2024-10-30 | 9.8 Critical |
MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter. | ||||
CVE-2018-25105 | 2 Filemanagerpro, Mndpsingh287 | 2 File Manager, File Manager | 2024-10-30 | 9.8 Critical |
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution. | ||||
CVE-2019-25213 | 2 Advanced Access Manager Project, Vasyltech | 2 Advanced Access Manager, Advanced Access Manager | 2024-10-30 | 9.8 Critical |
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php. | ||||
CVE-2021-4449 | 2 Digitalzoomstudio, Zoomit | 2 Zoomsounds, Zoomsounds | 2024-10-30 | 9.8 Critical |
The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | ||||
CVE-2024-48357 | 1 Lylme | 1 Lylme Spage | 2024-10-30 | 9.8 Critical |
LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php. |