CVEs from 2024
Total
6,662
critical
critical 120
high
high 1,039
medium
medium 2,009
low
low 48
% Critical
1.8%
% with KEV
2.4%
% with exploit
3.3%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32518 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0. | |||
| CVE-2024-32513 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in AdTribes.Io Product Feed PRO for WooCommerce.This issue affects Product Feed PRO for WooCommerce: from n/a through 13.3.1. | |||
| CVE-2024-31432 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8. | |||
| CVE-2024-24850 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | |||
| CVE-2024-31242 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | |||
| CVE-2024-31230 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images.This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.2. | |||
| CVE-2024-31353 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | |||
| CVE-2024-31302 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44. | |||
| CVE-2024-31297 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||
| CVE-2024-31095 | medium | 5.3 | 5.3 | 2y ago | Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0. | |||
| CVE-2024-30523 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Mailchimp Add On pmpro-mailchimp.This issue affects Paid Memberships Pro – Mailchimp Add … | |||
| CVE-2024-30463 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3. | |||
| CVE-2024-30514 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Paid Memberships Pro Paid Memberships Pro – Payfast Gateway Add On.This issue affects Paid Memberships Pro – Payfast Gateway Add On: … | |||
| CVE-2024-30511 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.45.1. | |||
| CVE-2024-30469 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. | |||
| CVE-2024-25923 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.2.7.0. | |||
| CVE-2024-22138 | medium | 5.3 | 5.3 | 2y ago | Insertion of Sensitive Information into Log File vulnerability in Seraphinite Solutions Seraphinite Accelerator.This issue affects Seraphinite Accelerator: from n/a through 2.20.47. | |||
| CVE-2024-24805 | medium | 5.3 | 5.3 | 2y ago | Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | |||
| CVE-2024-24845 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.This issue affects Post Thumbnail Editor: from n/a through 2.4.8. | |||
| CVE-2024-1436 | medium | 5.3 | 5.3 | 2y ago | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slid… | |||
| CVE-2024-34397 | medium | 5.2 | 5.2 | 2y ago | RHSA-2025:11327: glib2 security update (Moderate) | |||
| CVE-2024-38739 | medium | 5.1 | 5.1 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FameThemes OnePress allows Stored XSS.This issue affects OnePress: from n/a through 2.3.8. | |||
| CVE-2024-33590 | medium | 5.0 | 5.0 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n… | |||
| CVE-2024-47271 | medium | 4.9 | 4.9 | 5d ago | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privi… | |||
| CVE-2024-47269 | medium | 4.9 | 4.9 | 5d ago | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with adm… | |||
| CVE-2024-47268 | medium | 4.9 | 4.9 | 5d ago | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtai… | |||
| CVE-2024-32775 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album.This issue affects Embed Google Photos album: from n/a through 2.1.9. | |||
| CVE-2024-32955 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.43.7212. | |||
| CVE-2024-32819 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Culqi.This issue affects Culqi: from n/a through 3.0.14. | |||
| CVE-2024-30532 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Builderall Team Builderall Builder for WordPress.This issue affects Builderall Builder for WordPress: from n/a through 2.0.1. | |||
| CVE-2024-30531 | medium | 4.9 | 4.9 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content.This issue affects Nelio Content: from n/a through 3.2.0. | |||
| CVE-2024-21747 | medium | 4.9 | 4.9 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounti… | |||
| CVE-2024-24859 | medium | 4.8 | 4.8 | 2y ago | A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service. | |||
| CVE-2024-51685 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS.This issue affects Accordi… | |||
| CVE-2024-37449 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.… | |||
| CVE-2024-35768 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows DOM-Based XSS.This iss… | |||
| CVE-2024-35769 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through… | |||
| CVE-2024-35751 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This iss… | |||
| CVE-2024-34811 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1. | |||
| CVE-2024-34437 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10… | |||
| CVE-2024-34558 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2. | |||
| CVE-2024-34570 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a t… | |||
| CVE-2024-33639 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. | |||
| CVE-2024-32584 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StandaloneTech TeraWallet – For WooCommerce allows Stored XSS.This issue affects TeraWallet – For… | |||
| CVE-2024-32534 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10… | |||
| CVE-2024-32453 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POEditor allows Stored XSS.This issue affects POEditor: from n/a through 0.9.8. | |||
| CVE-2024-32429 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPChill Remove Footer Credit allows Stored XSS.This issue affects Remove Footer Credit: from n/a … | |||
| CVE-2024-32428 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moss Web Works MWW Disclaimer Buttons allows Stored XSS.This issue affects MWW Disclaimer Buttons… | |||
| CVE-2024-30549 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cimatti Contact Forms by Cimatti contact-forms.This issue affects Contact Forms by Cimatti: from … | |||
| CVE-2024-30430 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Email Newsletter Team - FluentCRM Fluent CRM allows Stored XSS.This issue affects Fluent CRM: … | |||
| CVE-2024-29776 | medium | 4.8 | 4.8 | 2y ago | Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | |||
| CVE-2024-2578 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS.This issue affects WP Coder: from n/a through 3.5. | |||
| CVE-2024-27996 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a throug… | |||
| CVE-2024-29112 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommer… | |||
| CVE-2024-25596 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS.This issue affects Doofinder for WooCommerc… | |||
| CVE-2024-25592 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS.This issue affects Broken Link Checker: from n/a t… | |||
| CVE-2024-25101 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: fro… | |||
| CVE-2024-23501 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through 5.78… | |||
| CVE-2024-1434 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS.This issue affects Media Alt Renamer: from n/a thr… | |||
| CVE-2024-24717 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: fr… | |||
| CVE-2024-24834 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net a… | |||
| CVE-2024-24841 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooC… | |||
| CVE-2024-22153 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.This issue a… | |||
| CVE-2024-22161 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS.This issue affects HD Quiz: from n/a through 1.8.11. | |||
| CVE-2024-22306 | medium | 4.8 | 4.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7. | |||
| CVE-2024-13073 | medium | 4.7 | 4.7 | 9mo ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.0… | |||
| CVE-2024-12973 | medium | 4.7 | 4.7 | 9mo ago | Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01. | |||
| CVE-2024-53124 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: … | |||
| CVE-2024-47660 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotif… | |||
| CVE-2024-50006 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue … | |||
| CVE-2024-57913 | medium | 4.7 | 4.7 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_… | |||
| CVE-2024-46679 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:8856: kernel security update (Moderate) | |||
| CVE-2024-26861 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when ac… | |||
| CVE-2024-38596 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-26878 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-26923 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-41005 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-50010 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy path_noexec check Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact of the previou… | |||
| CVE-2024-46870 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. O… | |||
| CVE-2024-40905 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more tha… | |||
| CVE-2024-26897 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-21516 | medium | 4.7 | 4.7 | 2y ago | Cross site scripting in opencart | |||
| CVE-2024-21515 | medium | 4.7 | 4.7 | 2y ago | Cross site scripting in opencart | |||
| CVE-2024-38662 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program… | |||
| CVE-2024-27419 | medium | 4.7 | 4.7 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can b… | |||
| CVE-2024-33930 | medium | 4.7 | 4.7 | 2y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97. | |||
| CVE-2024-33584 | medium | 4.7 | 4.7 | 2y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. | |||
| CVE-2024-32957 | medium | 4.7 | 4.7 | 2y ago | Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.38. | |||
| CVE-2024-26859 | medium | 4.7 | 4.7 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-32129 | medium | 4.7 | 4.7 | 2y ago | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6. | |||
| CVE-2024-27953 | medium | 4.7 | 4.7 | 2y ago | Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. | |||
| CVE-2024-24855 | medium | 4.7 | 4.7 | 2y ago | A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic o… | |||
| CVE-2024-42114 | medium | 4.4 | 4.4 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-38862 | medium | 4.4 | 4.4 | 2y ago | Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35, <2.1.0p48 and <=2.0.0p39 (EOL) causes SNMP and IMPI secrets of host and folder properties to … | |||
| CVE-2024-38559 | medium | 4.4 | 4.4 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-26810 | medium | 4.4 | 4.4 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-33629 | medium | 4.4 | 4.4 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. | |||
| CVE-2024-33627 | medium | 4.4 | 4.4 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. | |||
| CVE-2024-32454 | medium | 4.4 | 4.4 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more … | |||
| CVE-2024-0391 | medium | 4.3 | 4.3 | 21d ago | The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid use… |