Latest critical severity Vulnerabilities

The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied durin...
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of...
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' c...
The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is because the 'eb_user_email_verification_key' default value is empty, an...
Delta Electronics DIAEnergie SQL Injection
Delta Electronics DIAEnergie SQL Injection
Delta Electronics DIAEnergie Unauthenticated SQL Injection
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileg...
Google Android
Tenda i21 formexeCommand stack-based overflow
Tenda i21 formWifiMacFilterSet stack-based overflow
Tenda i21 formWifiMacFilterGet stack-based overflow
Tenda i21 setUplinkInfo formSetUplinkInfo stack-based overflow
Tenda i21 formSetAutoPing stack-based overflow
Tenda i21 setStaOffline formOfflineSet stack-based overflow
Tenda i21 formGetDiagnoseInfo stack-based overflow
SQL injection vulnerability in Gescen
Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox
(0Day) Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro
(0Day) Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro
(0Day) Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro
(0Day) Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro
(0Day) Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower
(0Day) Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower
(0Day) Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower
(0Day) Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability
Voltronic Power ViewPower
(0Day) Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
Voltronic Power ViewPower
(0Day) Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability
Voltronic Power ViewPower
(0Day) D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability
D-Link D-View
(0Day) D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability
D-Link D-View
(0Day) Control Web Panel Missing Authentication Remote Code Execution Vulnerability
Control Web Panel Control Web Panel
(0Day) LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability
LG Simple Editor
(0Day) LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability
LG Simple Editor
(0Day) Inductive Automation Ignition JavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability
Inductive Automation Ignition
(0Day) Inductive Automation Ignition ParameterVersionJavaSerializationCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability
Inductive Automation Ignition
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
Triangle MicroWorks SCADA Data Gateway
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
NETGEAR ProSAFE Network Management System
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability
Unified Automation UaGateway
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
D-Link D-View
D-Link D-View TftpReceiveFileHandler Directory Traversal Remote Code Execution Vulnerability
D-Link D-View
(Pwn2Own) Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability
Tesla Model 3
(Pwn2Own) TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability
TP-Link AX1800
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST AP...
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES...
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This ...
WordPress Xserver Migrator plugin <= 1.6.1 - CSRF to Arbitrary File Upload vulnerability

© 2024 SecAlerts Pty Ltd.