Latest high severity vulnerabilities

WordPress Webinar plugin <= 1.33.17 - Cross Site Request Forgery (CSRF) vulnerability
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection
Authentication bypass in Snow License Manager
Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
### Overview Path Traversal vulnerability via File Uploads in Genie ### Impact Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to th...
maven/com.netflix.genie:genie-web<4.3.18
### Impact A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the `Host` header is modified, and the below conditions ...
npm/next>=13.4.0<14.1.1
### Impact Inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. Th...
npm/next>=13.4.0<13.5.1
Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta
Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload
Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection
Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts
XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion
Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection
Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution
EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr
An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an at...
Next.js Server-Side Request Forgery in Server Actions
npm/next>=13.4.0<14.1.1
Next.js Vulnerable to HTTP Request Smuggling
npm/next>=13.4.0<13.5.1
**Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If...
pip/frigate<0.13.2
### Summary The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables over...
nuget/Npgsql<=8.0.2
CyberPower PowerPanel Enterprise SQL Injection
CyberPower PowerPanel Enterprise SQL Injection
CyberPower PowerPanel Enterprise SQL Injection
CyberPower PowerPanel Enterprise SQL Injection
CyberPower PowerPanel Enterprise Missing Authentication
Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
nuget/Npgsql<=8.0.2
In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
pip/frigate<0.13.2
SolarWinds Access Rights Manager (ARM) Hard-Coded Credentials Authentication Bypass Vulnerability
SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution
WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability
WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability
WordPress Ghost plugin <= 1.4.0 - Sensitive Data Exposure via Log File vulnerability
WordPress WP etracker plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occur...
KioWare for Windows (versions all through 8.34) allows escaping the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of th...
Important: nodejs:18 security update
Red Hat: Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat: Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat: Red Hat Enterprise Linux Server - AUS
Red Hat: Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates
Red Hat: Red Hat Enterprise Linux for IBM z Systems
Red Hat: Red Hat Enterprise Linux for IBM z Systems - Extended Update Support
and 37 more
Important: nodejs:20 security update
Red Hat: Red Hat Enterprise Linux for x86_64
Red Hat: Red Hat Enterprise Linux for ARM 64
Red Hat: Red Hat Enterprise Linux for Power, little endian
Red Hat: Red Hat Enterprise Linux for IBM z Systems
redhat/nodejs<20.12.2-2.module+el8.9.0+21743+0b3f1be2
redhat/nodejs-nodemon<3.0.1-1.module+el8.9.0+20473+c4e3d824
and 28 more
Important: OpenShift Container Platform 4.14.24 bug fix and security update
Red Hat: Red Hat OpenShift Container Platform for ARM 64
Red Hat: Red Hat OpenShift Container Platform
Red Hat: Red Hat OpenShift Container Platform for IBM Z and LinuxONE
Red Hat: Red Hat OpenShift Container Platform for Power
Important: nodejs:16 security update
Red Hat: Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat: Red Hat Enterprise Linux for x86_64 - Extended Update Support
Red Hat: Red Hat Enterprise Linux Server - AUS
Red Hat: Red Hat Enterprise Linux for ARM 64 - Extended Update Support
Red Hat: Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat: Red Hat Enterprise Linux Server - TUS
and 31 more
Important: OpenShift Container Platform 4.15.12 security update
redhat/cri-o<1.28.6-2.rhaos4.15.git77bbb1c.el9
redhat/openshift-ansible<4.15.0-202404302009.p0.gd5fd89c.assembly.stream.el9
redhat/openshift-clients<4.15.0-202404260736.p0.gfa6afba.assembly.stream.el9
redhat/podman<4.4.1-23.2.rhaos4.15.el9
redhat/cri-o<1.28.6-2.rhaos4.15.git77bbb1c.el9
redhat/cri-o-debuginfo<1.28.6-2.rhaos4.15.git77bbb1c.el9
and 128 more
Important: glibc security update
Red Hat: Red Hat Enterprise Linux for ARM 64 - Extended Update Support
Red Hat: Red Hat Enterprise Linux for x86_64 - Extended Update Support
Red Hat: Red Hat Enterprise Linux for Power, little endian - Extended Update Support
Red Hat: Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Red Hat: Red Hat Enterprise Linux Server - TUS
Red Hat: Red Hat Virtualization Host
and 548 more
Important: OpenShift Container Platform 4.14.24 packages and security update
Red Hat: Red Hat OpenShift Container Platform for ARM 64
Red Hat: Red Hat OpenShift Container Platform for Power
Red Hat: Red Hat OpenShift Container Platform for IBM Z and LinuxONE
Red Hat: Red Hat OpenShift Container Platform
redhat/cri-o<1.27.6-2.rhaos4.14.gitb3bd0bf.el9
redhat/openshift<4.14.0-202404301807.p0.gfd36fb9.assembly.stream.el9
and 122 more
Important: squid:4 security update
Red Hat: Red Hat Enterprise Linux Server - TUS
Red Hat: Red Hat Enterprise Linux Server - AUS
Red Hat: Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions
Red Hat: Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
redhat/libecap<1.0.1-2.module+el8.1.0+4044+36416a77
redhat/squid<4.4-8.module+el8.2.0+21527+aa63d5ff.9
and 14 more

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203