CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-32081 Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light. This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-34802 Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35661 Missing Authorization vulnerability in SoftLab Upload Fields for WPForms. This issue affects Upload Fields for WPForms: from n/a through 1.0.2. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35662 Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce. This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2. | 5.4 | MEDIUM | - | 0 |
| CVE-2024-35748 Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-5585 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open... | 7.7 | HIGH | - | 0 |
| CVE-2024-37569 An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The... | 8.8 | HIGH | - | 0 |
| CVE-2024-37570 On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags... | 8.8 | HIGH | - | 0 |
| CVE-2024-5389 In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organi... | 8.1 | HIGH | - | 0 |
| CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability | 6.2 | MEDIUM | - | 0 |
| CVE-2024-37880 The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM ... | 7.5 | HIGH | - | 0 |
| CVE-2024-21751 Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. | 5.4 | MEDIUM | - | 0 |
| CVE-2024-22296 Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.28. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-23524 Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress. This issue affects PilotPress: from n/a through 2.0.30. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35717 Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow. This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, C... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35720 Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35721 Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Galle... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35722 Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow. This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/... | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35724 Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce. This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35725 Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35726 Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a through 3.4.19. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35727 Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35735 Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.2.11. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35741 Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-35742 Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-4328 A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear... | 8.1 | HIGH | - | 0 |
| CVE-2024-4744 Missing Authorization vulnerability in Avirtum iPages Flipbook. This issue affects iPages Flipbook: from n/a through 1.5.1. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-4745 Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4. | 4.3 | MEDIUM | - | 0 |
| CVE-2024-28833 Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms. | 5.9 | MEDIUM | - | 0 |
| CVE-2024-5785 Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by... | 8.0 | HIGH | - | 0 |
| CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actio... | 6.5 | MEDIUM | - | 0 |
| CVE-2022-45176 An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (thro... | 5.4 | MEDIUM | - | 0 |
| CVE-2024-26507 An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associate... | 7.8 | HIGH | - | 0 |
| CVE-2024-34332 An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | 7.8 | HIGH | - | 0 |
| CVE-2024-34761 Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injectio... | 8.5 | HIGH | - | 0 |
| CVE-2024-34762 Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPENGINE INC Advanced Custom Fields PRO... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-35474 A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt. | 6.5 | MEDIUM | - | 0 |
| CVE-2024-35658 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation. Thi... | 8.6 | HIGH | - | 0 |
| CVE-2024-35677 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion. This issue affects MegaMenu: from n/a through 2.... | 9.0 | CRITICAL | - | 0 |
| CVE-2024-35712 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal. This issue affects Database Cleaner: from n/a... | 4.9 | MEDIUM | - | 0 |
| CVE-2025-59589 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through <= 8... | N/A | NONE | - | 0 |
| CVE-2024-37051 GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion ... | 9.3 | CRITICAL | - | 0 |
| CVE-2024-35728 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for Woo... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35743 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation. This issue affects SC filechecker: fro... | 8.6 | HIGH | - | 0 |
| CVE-2024-35744 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: f... | 8.6 | HIGH | - | 0 |
| CVE-2024-35745 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation. This ... | 7.5 | HIGH | - | 0 |
| CVE-2024-35746 Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection. This issue affects BuddyPress Cover: from n/a through 2.1.4.2. | 10.0 | CRITICAL | - | 0 |
| CVE-2024-35747 Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Wi... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-35749 Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass. This issue affects Under Construction / Maintenance Mode from A... | 3.7 | LOW | - | 0 |
| CVE-2024-36077 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, ... | 8.8 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.