Total
18204 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49271 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor \(free Widgets\, Addons\, Templates\) | 2024-10-16 | 9.1 Critical |
| : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | ||||
| CVE-2024-48026 | 1 Grayson Robbins | 1 Disc Golf Manager | 2024-10-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. | ||||
| CVE-2024-49260 | 1 Limb | 1 Limb Image Gallery | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | ||||
| CVE-2024-49242 | 1 Shafiq | 1 Digital Library | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | ||||
| CVE-2024-49218 | 1 Recently Project | 1 Recently | 2024-10-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1. | ||||
| CVE-2024-49216 | 1 Joshua Clayton | 1 Feed Comments Number | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1. | ||||
| CVE-2023-32191 | 1 Suse | 1 Rke | 2024-10-16 | 9.9 Critical |
| When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. | ||||
| CVE-2024-9893 | 1 Nextendweb | 1 Nextend Social Login Pro | 2024-10-16 | 9.8 Critical |
| The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2024-47649 | 1 Thatplugin | 1 Iconize | 2024-10-16 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. | ||||
| CVE-2024-47849 | 2 Mediawiki, Wikimedia | 2 Cargo, Mediawiki-cargo | 2024-10-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1. | ||||
| CVE-2024-47656 | 1 Shilpisoft | 1 Client Dashboard | 2024-10-16 | 9.8 Critical |
| This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user accounts. | ||||
| CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-10-16 | 9.1 Critical |
| Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | ||||
| CVE-2024-8630 | 1 Alisonic | 2 Sibylla, Sibylla Firmware | 2024-10-16 | 9.4 Critical |
| Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | ||||
| CVE-2024-27114 | 2 So Planning, Soplanning | 2 Simple Online Planning, Soplanning | 2024-10-16 | 9.8 Critical |
| A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. | ||||
| CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2024-10-16 | 9.6 Critical |
| An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | ||||
| CVE-2024-38109 | 1 Microsoft | 1 Azure Health Bot | 2024-10-16 | 9.1 Critical |
| An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
| CVE-2024-38063 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-16 | 9.8 Critical |
| Windows TCP/IP Remote Code Execution Vulnerability | ||||
| CVE-2024-38199 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-16 | 9.8 Critical |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38160 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-10-16 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2024-38159 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-10-16 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||