CVEs from 2024
- Total: 9,633
- Critical: 114
- High: 1,043
- Medium: 1,991
- Low: 40
- % Critical: 1.2%
- % with KEV: 1.7%
- % with exploit: 1.7%
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-33544 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. | |
| CVE-2024-33559 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. | |
| CVE-2024-32709 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.5. | |
| CVE-2024-32128 | critical | 9.3 | 9.3 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a thr… | |
| CVE-2024-51092 | critical | 9.1 | 9.1 | 20d ago | LibreNMS has an Authenticated OS Command Injection | |
| CVE-2024-47685 | critical | 9.1 | 9.1 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending ga… | |
| CVE-2024-54285 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10. | |
| CVE-2024-5535 | critical | 9.1 | 9.1 | 2y ago | Low: openssl security update | |
| CVE-2024-37371 | critical | 9.1 | 9.1 | 2y ago | Important: mysql security update | |
| CVE-2024-35845 | critical | 9.1 | 9.1 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2024-35960 | critical | 9.1 | 9.1 | 2y ago | Important: kernel security and bug fix update | |
| CVE-2024-34416 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.This issue affects Pk Favicon Manager: from n/a through 2.1. | |
| CVE-2024-27053 | critical | 9.1 | 9.1 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to th… | |
| CVE-2024-31266 | critical | 9.1 | 9.1 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommer… | |
| CVE-2024-32954 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. | |
| CVE-2024-32948 | critical | 9.1 | 9.1 | 2y ago | Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.28. | |
| CVE-2024-31345 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2. | |
| CVE-2024-31114 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.This issue affects Shortcode Addons: from n/a through 3.2.5. | |
| CVE-2024-2890 | critical | 9.1 | 9.1 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12. | |
| CVE-2024-3596 | critical | 9.0 | 9.0 | 2y ago | Important: freeradius security update | |
| CVE-2024-22144 | critical | 9.0 | 9.0 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Secu… | |
| CVE-2024-30227 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | |
| CVE-2024-30226 | critical | 9.0 | 9.0 | 2y ago | Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | |
| CVE-2024-51348 | high | 8.8 | 8.8 | 2mo ago | A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction … | |
| CVE-2024-37469 | high | 8.8 | 8.8 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in creativethemeshq Blocksy blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through <= 2.0.22. | |
| CVE-2024-49627 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n/a through 1.1.4. | |
| CVE-2024-49290 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0. | |
| CVE-2024-49219 | high | 8.8 | 8.8 | 2y ago | Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. | |
| CVE-2024-49226 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through <= 2… | |
| CVE-2024-8164 | high | 8.8 | 8.8 | 2y ago | A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This mani… | |
| CVE-2024-34444 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0. | |
| CVE-2024-30103 | high | 8.8 | 8.8 | 2y ago | Microsoft Outlook Remote Code Execution Vulnerability | |
| CVE-2024-31261 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0. | |
| CVE-2024-35955 | high | 8.8 | 8.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIV… | |
| CVE-2024-27955 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.This issue affects Automatic: from n/a through 3.92.0. | |
| CVE-2024-4367 | high | 8.8 | 8.8 | 2y ago | Important: thunderbird security update | |
| CVE-2024-31113 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. | |
| CVE-2024-33912 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | |
| CVE-2024-33921 | high | 8.8 | 8.8 | 2y ago | Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | |
| CVE-2024-33595 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |
| CVE-2024-33688 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | |
| CVE-2024-33651 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. | |
| CVE-2024-25917 | high | 8.8 | 8.8 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1. | |
| CVE-2024-32794 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |
| CVE-2024-32793 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |
| CVE-2024-32808 | high | 8.8 | 8.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | |
| CVE-2024-32772 | high | 8.8 | 8.8 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | |
| CVE-2024-32682 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |
| CVE-2024-32681 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |
| CVE-2024-32603 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20. | |
| CVE-2024-31378 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch.This issue affects MailChimp Forms by MailMunch: from n/a through 3.2.1. | |
| CVE-2024-31429 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Sarada Lite.This issue affects Sarada Lite: from n/a through 1.1.2. | |
| CVE-2024-32443 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in IP2Location Download IP2Location Country Blocker.This issue affects Download IP2Location Country Blocker: from n/a through 2.34.2. | |
| CVE-2024-32442 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7. | |
| CVE-2024-32441 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Zoho Campaigns.This issue affects Zoho Campaigns: from n/a through 2.0.7. | |
| CVE-2024-32440 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.8.0. | |
| CVE-2024-32439 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in SwitchWP WP Client Reports.This issue affects WP Client Reports: from n/a through 1.0.22. | |
| CVE-2024-32438 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in cleverplugins.Com SEO Booster.This issue affects SEO Booster: from n/a through 3.8.9. | |
| CVE-2024-32139 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through … | |
| CVE-2024-32127 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Markus Seyer Find Duplicates.This issue affects Find Duplicates: from n/a through 1.4.6. | |
| CVE-2024-32125 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything.This issue affects BA Book Everything: from n/a through 1.6… | |
| CVE-2024-31363 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in LifterLMS.This issue affects LifterLMS: from n/a through 7.5.0. | |
| CVE-2024-31362 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | |
| CVE-2024-31301 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | |
| CVE-2024-31293 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. | |
| CVE-2024-31269 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11. | |
| CVE-2024-31268 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0. | |
| CVE-2024-31238 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5. | |
| CVE-2024-32106 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One].This issue affects WP Compress – Image Optimizer [All-In-One]: from n/a through 6.10.35. | |
| CVE-2024-31932 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. | |
| CVE-2024-27985 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9. | |
| CVE-2024-27967 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3. | |
| CVE-2024-31430 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooComme… | |
| CVE-2024-31280 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.5. | |
| CVE-2024-25918 | high | 8.8 | 8.8 | 2y ago | Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. | |
| CVE-2024-30462 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from … | |
| CVE-2024-30454 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.6.2. | |
| CVE-2024-30482 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Brice CAPOBIANCO Simple Revisions Delete.This issue affects Simple Revisions Delete: from n/a through 1.5.3. | |
| CVE-2024-30500 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a throug… | |
| CVE-2024-30499 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4. | |
| CVE-2024-30497 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affe… | |
| CVE-2024-30496 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a… | |
| CVE-2024-30491 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | |
| CVE-2024-30486 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.… | |
| CVE-2024-30458 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher.This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7. | |
| CVE-2024-30457 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.… | |
| CVE-2024-30456 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS.This issue affects WPCS: from n/a through 1.2.0.1. | |
| CVE-2024-30241 | high | 8.8 | 8.8 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | |
| CVE-2024-30230 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7. | |
| CVE-2024-30222 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |
| CVE-2024-3013 | high | 8.8 | 8.8 | 2y ago | A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing m… | |
| CVE-2024-23510 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8. | |
| CVE-2024-30235 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | |
| CVE-2024-30234 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1. | |
| CVE-2024-24799 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2. | |
| CVE-2024-2904 | high | 8.8 | 8.8 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33. | |
| CVE-2024-27964 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9. | |
| CVE-2024-27190 | high | 8.8 | 8.8 | 2y ago | Missing Authorization vulnerability in Jean-David Daviet Download Media.This issue affects Download Media: from n/a through 1.4.2. | |
| CVE-2024-2721 | high | 8.8 | 8.8 | 2y ago | Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. | |
| CVE-2024-29135 | high | 8.8 | 8.8 | 2y ago | Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.15. | |