NVD Dashboard

CVEs Received and Processed

Table columns: Time Period, New CVEs Received by NVD, New CVEs Analyzed by NVD, Modified CVEs Received by NVD, Modified CVEs Re-analyzed by NVD. Rows: Today, This Week, This Month, Last Month, This Year.

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

Table columns: Severity, Number of Vulns.

CVSS V2 Score Distribution

Table columns: Severity, Number of Vulns.


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-46049 - Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
    Published: September 13, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-46048 - Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
    Published: September 13, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-46047 - Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
    Published: September 13, 2024; 10:15:14 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-46046 - Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
    Published: September 13, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-46045 - Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
    Published: September 13, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-46044 - CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
    Published: September 13, 2024; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-6080 - A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach...
    Published: June 17, 2024; 7:15:51 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-4551 - The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, w...
    Published: June 15, 2024; 5:15:12 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4450 - The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This m...
    Published: June 19, 2024; 12:15:11 AM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-4258 - The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attacker...
    Published: June 15, 2024; 5:15:12 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-2381 - The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for ...
    Published: June 19, 2024; 12:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-45040 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs ...
    Published: September 06, 2024; 9:15:04 AM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2024-45039 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. A...
    Published: September 06, 2024; 9:15:04 AM -0400

    V3.1: 6.2 MEDIUM

  • CVE-2024-7717 - The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat...
    Published: August 31, 2024; 5:15:07 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-4100 - The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has be...
    Published: August 31, 2024; 5:15:03 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2022-4536 - The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and log...
    Published: August 31, 2024; 5:15:04 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-7895 - The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This m...
    Published: August 29, 2024; 7:15:29 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-1384 - The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitiza...
    Published: August 29, 2024; 9:15:05 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3679 - The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password...
    Published: August 29, 2024; 9:15:06 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-1056 - The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all ve...
    Published: August 29, 2024; 10:15:08 AM -0400

    V3.1: 5.4 MEDIUM