CVEs from 2024
- Total: 9,633
- Critical: 114
- High: 1,043
- Medium: 1,991
- Low: 40
- % Critical: 1.2%
- % with KEV: 1.7%
- % with exploit: 1.7%
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-53822 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. | |
| CVE-2024-49314 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server. This issue affects JiangQie F… | |
| CVE-2024-49291 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. | |
| CVE-2024-49242 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server. This issue affects Digital Lottery: from n/a through … | |
| CVE-2024-49216 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server. This issue affects Feed Comments Number: f… | |
| CVE-2024-43242 | critical | 10.0 | 10.0 | 2y ago | Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7. | |
| CVE-2024-7593 | critical | 9.8 | 10.0 | 2y ago | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. | |
| CVE-2024-34555 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3. | |
| CVE-2024-31377 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. | |
| CVE-2024-33566 | critical | 10.0 | 10.0 | 2y ago | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. | |
| CVE-2024-31115 | critical | 10.0 | 10.0 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress. This issue affects Chauffeur Taxi Booking System for WordPress: from n/a thro… | |
| CVE-2024-30498 | critical | 10.0 | 10.0 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms. This issue affects CRM Perks Forms: from n/a through 1.1.4. | |
| CVE-2024-30225 | critical | 10.0 | 10.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10. | |
| CVE-2024-49671 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix ai-postpix allows Upload a Web Shell to a Web Server. Th… | |
| CVE-2024-37418 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin. This issue affects Church Admin: from n/a through <= 4.4.6. | |
| CVE-2024-34411 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through 2.5.0. | |
| CVE-2024-32514 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. | |
| CVE-2024-31286 | critical | 9.9 | 9.9 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a before 8.6.03.005. | |
| CVE-2024-24707 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection. This issue affects Cwicly: from n/a through 1.4.0.2. | |
| CVE-2024-31390 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows Code Injection. This issue affects Breakdance: from n/a through 1.7.2. | |
| CVE-2024-27972 | critical | 9.9 | 9.9 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Jack Arturo WP Fusion Lite wp-fusion-lite. This issue affects WP Fusion Lite: from n/a through <= 3.41.24. | |
| CVE-2024-30228 | critical | 9.9 | 9.9 | 2y ago | Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4. | |
| CVE-2024-1708 | high | 8.4 | 9.9 | 2y ago | ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems. | |
| CVE-2024-51800 | critical | 9.8 | 9.8 | 1y ago | Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1. | |
| CVE-2024-56000 | critical | 9.8 | 9.8 | 1y ago | Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation. This issue affects K Elements: from n/a through < 5.4.0. | |
| CVE-2024-43234 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass. This issue affects Woffice: from n/a through <= 5.4.14. | |
| CVE-2024-52480 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Astoundify Jobify jobify. This issue affects Jobify: from n/a through < 4.3.0. | |
| CVE-2024-52431 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection. This issue a… | |
| CVE-2024-52412 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection. This issue affects Xin: from n/a through 1.0.8.1. | |
| CVE-2024-21541 | critical | 9.8 | 9.8 | 2y ago | dom-iterator code execution vulnerability | |
| CVE-2024-38612 | critical | 9.8 | 9.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defin… | |
| CVE-2024-43956 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberpress: from n/a through 1.11.34. | |
| CVE-2024-50478 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass. This issue affects 1-Click Login: Passwordless Authentication:… | |
| CVE-2024-49625 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection. This issue affects SiteBuilder Dynamic Components: from… | |
| CVE-2024-49626 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection. This issue affects Shipyaari Shipping Management: fr… | |
| CVE-2024-49322 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a throug… | |
| CVE-2024-49217 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation. This issue affects Adding drop do… | |
| CVE-2024-49227 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection. This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4. | |
| CVE-2024-49218 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection. This issue affects Recently: from n/a … | |
| CVE-2024-49247 | critical | 9.8 | 9.8 | 2y ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in SK BuddyPress Better Registration better-bp-registration allows Authentication Bypass. This issue affects BuddyPress Better Re… | |
| CVE-2024-45492 | critical | 9.8 | 9.8 | 2y ago | Moderate: expat security update | |
| CVE-2024-45491 | critical | 9.8 | 9.8 | 2y ago | Moderate: expat security update | |
| CVE-2024-43455 | critical | 9.8 | 9.8 | 2y ago | Windows Remote Desktop Licensing Service Spoofing Vulnerability | |
| CVE-2024-28000 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | |
| CVE-2024-43354 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred. This issue affects myCred: from n/a through <= 2.7.2. | |
| CVE-2024-7221 | critical | 9.8 | 9.8 | 2y ago | A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID caus… | |
| CVE-2024-7220 | critical | 9.8 | 9.8 | 2y ago | A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of … | |
| CVE-2024-7219 | critical | 9.8 | 9.8 | 2y ago | A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The m… | |
| CVE-2024-6933 | critical | 9.8 | 9.8 | 2y ago | A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveyloc… | |
| CVE-2024-37927 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through <= 4.7.5. | |
| CVE-2024-24882 | critical | 9.8 | 9.8 | 2y ago | Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | |
| CVE-2024-33914 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1. | |
| CVE-2024-33553 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5. | |
| CVE-2024-33551 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection. This issue affects XStore Core: from n/a through 5.3.5. | |
| CVE-2024-32430 | critical | 9.8 | 9.8 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in ActiveCampaign. This issue affects ActiveCampaign: from n/a through 8.1.14. | |
| CVE-2024-25935 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |
| CVE-2024-25912 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | |
| CVE-2024-3566 | critical | 9.8 | 9.8 | 2y ago | A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | |
| CVE-2024-25096 | critical | 9.8 | 9.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7. | |
| CVE-2024-30477 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce. This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4. | |
| CVE-2024-30508 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in ThimPress WP Hotel Booking. This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | |
| CVE-2024-30502 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine. This issue affects WP Travel Engine: from n/a through 5.7.9. | |
| CVE-2024-30510 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a through 9.5. | |
| CVE-2024-30490 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. | |
| CVE-2024-30224 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2. | |
| CVE-2024-30223 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26. | |
| CVE-2024-27956 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. | |
| CVE-2024-2702 | critical | 9.8 | 9.8 | 2y ago | Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a … | |
| CVE-2024-27957 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1. | |
| CVE-2024-27304 | critical | 9.8 | 9.8 | 2y ago | pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message si… | |
| CVE-2024-25927 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n… | |
| CVE-2024-25910 | critical | 9.8 | 9.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | |
| CVE-2024-25925 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & D… | |
| CVE-2024-25913 | critical | 9.8 | 9.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2. | |
| CVE-2024-23512 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks… | |
| CVE-2024-24797 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1… | |
| CVE-2024-23513 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | |
| CVE-2024-25100 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection. This issue affects Coupon Referral Program: from n/a before 1.8.4. | |
| CVE-2024-22309 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0. | |
| CVE-2024-22284 | critical | 9.8 | 9.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2. | |
| CVE-2024-33913 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator. This issue affects Xserver Migrator: from n/a through 1.6.1. | |
| CVE-2024-33546 | critical | 9.6 | 9.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | |
| CVE-2024-30560 | critical | 9.6 | 9.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark. This issue affects DX-Watermark: from n/a through 1.0.4. | |
| CVE-2024-32600 | critical | 9.6 | 9.6 | 2y ago | Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.5. | |
| CVE-2024-3094 | critical | — | 9.5 | — | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a… | |
| CVE-2024-12084 | critical | — | 9.5 | — | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the… | |
| CVE-2024-53197 | high | — | 9.5 | 1y ago | Important: kernel security update | |
| CVE-2024-53104 | high | — | 9.5 | 1y ago | Important: kernel security update | |
| CVE-2024-44309 | high | — | 9.5 | 2y ago | Important: webkit2gtk3 security update | |
| CVE-2024-9680 | high | — | 9.5 | 2y ago | Important: firefox security update | |
| CVE-2024-36971 | high | — | 9.5 | 2y ago | Important: kernel security update | |
| CVE-2024-38475 | high | — | 9.5 | 2y ago | Important: httpd security update | |
| CVE-2024-40624 | critical | — | 9.5 | 2y ago | TorrentPier Deserialization of Untrusted Data vulnerability | |
| CVE-2024-1086 | high | — | 9.5 | 2y ago | Important: kernel security, bug fix, and enhancement update | |
| CVE-2024-2616 | critical | — | 9.5 | 2y ago | Critical: firefox security update | |
| CVE-2024-29944 | critical | — | 9.5 | 2y ago | Critical: firefox security update | |
| CVE-2024-23222 | high | — | 9.5 | 3y ago | Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact … | |
| CVE-2024-46636 | critical | 9.4 | 9.4 | 1mo ago | NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | |
| CVE-2024-52474 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL Injection. This iss… | |
| CVE-2024-49246 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection. This iss… | |