Lucene search

K

* Security Vulnerabilities

cve
cve

CVE-2024-35735

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-4328

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick...

8.1CVSS

4.1AI Score

0.0005EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-4744

Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through...

7.3CVSS

5.3AI Score

0.0005EPSS

2024-06-10 08:15 AM
24
cve
cve

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.3CVSS

5.5AI Score

0.0005EPSS

2024-06-10 08:15 AM
21
cve
cve

CVE-2024-35741

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
23
cve
cve

CVE-2024-35727

Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through...

8.8CVSS

4.8AI Score

0.001EPSS

2024-06-10 08:15 AM
20
cve
cve

CVE-2024-35725

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
21
cve
cve

CVE-2024-35726

Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-35729

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through...

8.8CVSS

5.4AI Score

0.001EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-35722

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
25
cve
cve

CVE-2024-35721

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
25
cve
cve

CVE-2024-35724

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-35723

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-10 08:15 AM
22
cve
cve

CVE-2024-23524

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-10 08:15 AM
33
cve
cve

CVE-2024-22296

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through...

4.3CVSS

4.9AI Score

0.0004EPSS

2024-06-10 08:15 AM
31
cve
cve

CVE-2024-35717

Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-10 08:15 AM
24
cve
cve

CVE-2024-22298

Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-10 08:15 AM
42
cve
cve

CVE-2024-35720

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-10 08:15 AM
23
cve
cve

CVE-2024-21751

Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through...

5.4CVSS

5.6AI Score

0.0004EPSS

2024-06-10 08:15 AM
28
cve
cve

CVE-2024-37880

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from.....

7.5CVSS

6.4AI Score

0.001EPSS

2024-06-10 02:15 AM
5
cve
cve

CVE-2024-5389

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their organization. This issue arises due to the application not properly validating the ownership of dataset.....

8.1CVSS

9.2AI Score

0.001EPSS

2024-06-09 11:15 PM
24
cve
cve

CVE-2024-37570

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command...

8.8CVSS

6.7AI Score

0.0005EPSS

2024-06-09 08:15 PM
27
cve
cve

CVE-2024-4577

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.5AI Score

0.932EPSS

2024-06-09 08:15 PM
97
In Wild
cve
cve

CVE-2024-37569

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists in the hostname parameter taken in by the provis.html endpoint. The provis.html endpoint performs no sanitization on the hostname parameter (sent by an authenticated....

8.8CVSS

7.8AI Score

0.001EPSS

2024-06-09 08:15 PM
24
cve
cve

CVE-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...

5.9CVSS

6.6AI Score

0.001EPSS

2024-06-09 08:15 PM
23
cve
cve

CVE-2024-35748

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-06-09 07:15 PM
25
cve
cve

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and...

7.5CVSS

7.4AI Score

0.001EPSS

2024-06-09 07:15 PM
28
cve
cve

CVE-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....

8.8CVSS

9.1AI Score

0.001EPSS

2024-06-09 07:15 PM
74
cve
cve

CVE-2024-5458

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....

5.3CVSS

7.4AI Score

0.001EPSS

2024-06-09 07:15 PM
53
cve
cve

CVE-2024-32081

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through...

8.8CVSS

4.7AI Score

0.001EPSS

2024-06-09 07:15 PM
41
cve
cve

CVE-2024-35662

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through...

8.8CVSS

5.6AI Score

0.001EPSS

2024-06-09 07:15 PM
21
cve
cve

CVE-2024-35661

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-09 07:15 PM
23
cve
cve

CVE-2024-34802

Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-09 07:15 PM
28
cve
cve

CVE-2024-31304

Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-09 07:15 PM
34
cve
cve

CVE-2024-31276

Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through...

9.8CVSS

5.4AI Score

0.001EPSS

2024-06-09 07:15 PM
23
cve
cve

CVE-2024-31283

Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through...

9.8CVSS

7.6AI Score

0.001EPSS

2024-06-09 07:15 PM
30
cve
cve

CVE-2024-31275

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through...

9.8CVSS

8.3AI Score

0.001EPSS

2024-06-09 07:15 PM
34
cve
cve

CVE-2024-31284

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through...

9.8CVSS

6.5AI Score

0.001EPSS

2024-06-09 07:15 PM
26
cve
cve

CVE-2024-32704

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through...

7.1CVSS

6.9AI Score

0.0004EPSS

2024-06-09 06:15 PM
30
cve
cve

CVE-2024-32705

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through...

8.8CVSS

6.9AI Score

0.001EPSS

2024-06-09 06:15 PM
33
cve
cve

CVE-2024-32713

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through...

8.8CVSS

5.5AI Score

0.001EPSS

2024-06-09 06:15 PM
23
cve
cve

CVE-2024-32703

Missing Authorization vulnerability in reputeinfosystems ARForms.This issue affects ARForms: from n/a through...

7.7CVSS

7.6AI Score

0.0004EPSS

2024-06-09 06:15 PM
29
cve
cve

CVE-2024-31359

Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 06:15 PM
33
cve
cve

CVE-2024-32701

Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 06:15 PM
27
cve
cve

CVE-2024-31423

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 06:15 PM
31
cve
cve

CVE-2024-31307

Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through...

6.3CVSS

6.3AI Score

0.0004EPSS

2024-06-09 06:15 PM
30
cve
cve

CVE-2024-31347

Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 06:15 PM
21
cve
cve

CVE-2024-31350

Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 06:15 PM
26
cve
cve

CVE-2024-32714

Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-09 05:15 PM
30
cve
cve

CVE-2024-32715

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through...

6.6AI Score

0.0004EPSS

2024-06-09 05:15 PM
24
Total number of security vulnerabilities236850