Total: 18196 CVEs
CVE | Vendors (count, name) | Products (count, name) | Updated | CVSS v3.1 (score, severity)
CVE-2024-50420 1 Adirectory 1 Adirectory 2024-10-29 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through 1.3.
CVE-2024-50490 1 Szabolcs Szecsenyi 1 Pegapoll 2024-10-29 9.8 Critical
Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through 1.0.2.
CVE-2024-50485 1 Udit Rawat 1 Exam Matrix 2024-10-29 9.8 Critical
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5.
CVE-2024-50480 1 Azexo 1 Marketing Automation By Azexo 2024-10-29 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server. This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80.
CVE-2024-50427 1 Devsoft Baltic 1 Surveyjs 2024-10-29 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.
CVE-2024-48509 2 Learning With Texts, Learning With Texts Project 2 Learning With Texts, Learning With Texts 2024-10-29 9.8 Critical
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands.
CVE-2024-48145 1 Netangular 1 Chatnet Ai 2024-10-28 9.1 Critical
A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-48144 1 Fusionchat 1 Chat Ai Assistant 2024-10-28 9.1 Critical
A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
CVE-2024-9501 2024-10-28 9.8 Critical
The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVE-2024-47821 1 Pyload 1 Pyload 2024-10-28 9.1 Critical
pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` contains scripts that are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in the `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyLoad server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.
CVE-2024-9931 1 Jurre De Klijn 1 Wux Blog Editor 2024-10-28 9.8 Critical
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.
CVE-2024-9933 1 Watchtowerhq 1 Watchtower 2024-10-28 9.8 Critical
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is because the default value of 'watchtower_ota_token' is empty and the 'Password_Less_Access::login' function lacks a not-empty check. This makes it possible for unauthenticated attackers to log in as the WatchTowerHQ client administrator user.
CVE-2024-9932 1 Jurre De Klijn 1 Wux Blog Editor 2024-10-28 9.8 Critical
The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-9930 1 Hocwp 1 Extensions 2024-10-28 9.8 Critical
The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.
CVE-2022-30355 1 Ovaledge 1 Ovaledge 2024-10-28 9.8 Critical
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
CVE-2024-48581 1 Php 1 Best Courier Management System 2024-10-28 9.8 Critical
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.
CVE-2024-48579 1 Php 1 Best House Rental Management System 2024-10-28 9.8 Critical
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.
CVE-2024-48204 1 Hanzhou Haboo 1 Network Management System 2024-10-28 9.8 Critical
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-48580 1 Php 1 Best Courier Management System 2024-10-28 9.8 Critical
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.
CVE-2024-20329 1 Cisco 1 Adaptive Security Appliance Software 2024-10-26 9.9 Critical
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.