Latest critical severity vulnerabilities

WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability
WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability
WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability
WordPress WP MLM Unilevel plugin <= 4.0 - Unauthenticated Account Takeover vulnerability
WordPress WebinarIgnition plugin <= 3.05.0 - Unauthenticated Privilege Escalation vulnerability
WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability
WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability
WordPress LWS Affiliation plugin <= 2.2.6 - Local File Inclusion vulnerability
WordPress Woodmart Core plugin <= 1.0.36 - Privilege Escalation
WordPress Houzez theme <= 2.7.1 - Privilege Escalation
WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation
WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion
NFLX-2024-002 - Impact: Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether ...
pip/consoleme<1.4.0
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
pip/consoleme<1.4.0
Stalwart Mail Server has privilege escalation by design
SQL injection vulnerability in Simple PHP Shopping Cart
SQL injection vulnerability in SiAdmin
SQL injection vulnerability in SiAdmin
Git local configuration leading to Arbitrary Code Execution upon opening .ste file
Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui
Remote Code Execution in parisneo/lollms-webui
Arbitrary Code Execution in parisneo/lollms
Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
Tutor LMS <= 2.7.0 - Missing Authorization
Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where ar...
composer/laravel/framework>=7.0.0<7.22.4
composer/laravel/framework>=4.1.0<6.18.31
CyberPower PowerPanel business Active Debug Code
CyberPower PowerPanel business Use of Hard-coded Credentials
CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business Use of Hard-coded Password
contao/core versions 2.x prior to 2.11.17 and 3.x prior to 3.2.9 are vulnerable to arbitrary code execution on the server due to insufficient input validation. In fact, attackers can remove or change ...
composer/contao/core>=3.0.0<3.2.9
composer/contao/core>=2.0.0<2.11.17
CodeIgniter 3.1.0 addressed a critical security issue within the ODBC database driver. This update includes crucial fixes to mitigate a SQL injection vulnerability, preventing potential exploitation b...
composer/codeigniter/framework<3.1.0
Impact: This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator-level access to Mautic. This vulnerability was rep...
composer/mautic/core>=3.0.0<3.2.4
composer/mautic/core<2.16.5
Impact: SQL injection is possible when using the non-default connection property `preferQueryMode=simple` in combination with application code which has a vulnerable SQL that negates a parameter v...
maven/com.amazon.redshift:redshift-jdbc42<2.1.0.28
Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints
DigiWin EasyFlow .NET - SQL Injection
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
maven/com.amazon.redshift:redshift-jdbc42<2.1.0.28
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI...
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI ...
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to th...
Today we are releasing Grafana 9.2.4. Alongside other bug fixes, this patch release includes critical security fixes for CVE-2022-39328. Release 9.2.4, latest patch, also containing security fix: - ...
go/github.com/grafana/grafana>=9.2.0<9.2.4
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted pac...
© 2024 SecAlerts Pty Ltd.