Latest critical severity vulnerabilities

The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: `UserQuery::create()->limit('1;DROP TABLE users')->find();` ...
composer/propel/propel1>=1<=1.7.1
The limit() query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: `UserQuery::create()->limit('1;DROP TABLE users')->find();` ...
composer/propel/propel>=2.0.0-alpha1<=2.0.0-alpha7
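The two Propel entries above describe the same defect: a string passed to limit() reaches the SQL text unchanged, so a `;` in the value appends a second statement. The following is an added example, not Propel's code and not from the advisories; it is a Python/sqlite3 analogue with hypothetical builder names (`build_limit_vulnerable`, `build_limit_hardened`), a constructed in-memory `users` table, and `executescript` standing in for a MySQL client that executes stacked statements. It shows the advisory's payload dropping the table through the interpolating builder, and the hardened builder rejecting the same input before it reaches the database.

```python
import re
import sqlite3
from typing import Union


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory stand-in for the advisory's `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol');"
    )
    return conn


def table_exists(conn: sqlite3.Connection, name: str = "users") -> bool:
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def build_limit_vulnerable(limit: Union[int, str]) -> str:
    """Hypothetical builder with the pattern the advisory describes: the LIMIT
    value is interpolated as-is, so a string containing ';' injects a second statement."""
    return f"SELECT id, name FROM users LIMIT {limit}"


def build_limit_hardened(limit: Union[int, str]) -> str:
    """Hardened builder. LIMIT is not bindable as a parameter on every driver, so the
    value is validated as a non-negative decimal integer before it is placed in the
    statement text; anything else is refused rather than coerced."""
    if isinstance(limit, bool) or not isinstance(limit, (int, str)):
        raise ValueError("limit must be an int or a decimal string")
    if isinstance(limit, str):
        if not re.fullmatch(r"[0-9]+", limit.strip()):
            raise ValueError(f"refusing non-numeric LIMIT value: {limit!r}")
        limit = int(limit.strip())
    if limit < 0:
        raise ValueError("limit must be non-negative")
    return f"SELECT id, name FROM users LIMIT {limit}"


def run_payload(payload: str) -> dict:
    """Run one LIMIT value through both builders against fresh databases.

    executescript executes every statement in the string, which mirrors a MySQL
    client with multi-statement execution enabled (sqlite3's execute() would
    instead refuse the stacked statement, which is why it is not used here)."""
    result = {}

    vuln_conn = make_db()
    vuln_conn.executescript(build_limit_vulnerable(payload))
    result["vulnerable_table_exists"] = table_exists(vuln_conn)

    safe_conn = make_db()
    try:
        safe_conn.executescript(build_limit_hardened(payload))
        result["hardened_rejected"] = False
    except ValueError:
        result["hardened_rejected"] = True
    result["hardened_table_exists"] = table_exists(safe_conn)
    return result


def fetch_with_hardened(limit: Union[int, str]) -> int:
    """Legitimate use of the hardened builder: returns the number of rows fetched."""
    conn = make_db()
    return len(conn.execute(build_limit_hardened(limit)).fetchall())


if __name__ == "__main__":
    print(run_payload("1;DROP TABLE users"))
    print(fetch_with_hardened("2"))
```

The check is deliberately a whitelist (decimal digits only) rather than an attempt to strip `;` or quotes: a LIMIT clause has exactly one valid shape, so anything that is not a non-negative integer is an error, not input to be sanitised.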
Fluent Bit Memory Corruption Vulnerability
Missing Authorization on Delete Datasets in lunary-ai/lunary
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not...
Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at ...
Build App Online <= 1.0.21 - Authentication Bypass via Header
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
Remote Code Execution in berriai/litellm
pip/litellm<=1.28.11
Time Based SQL Injection in Zabbix Server Audit Log
WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability
WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability
WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability
WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability
WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability
WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability
WordPress WP MLM Unilevel plugin <= 4.0 - Unauthenticated Account Takeover vulnerability
WordPress WebinarIgnition plugin <= 3.05.0 - Unauthenticated Privilege Escalation vulnerability
WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability
WordPress Customify Site Library plugin <= 0.0.9 - Remote Code Execution (RCE) vulnerability
WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability
WordPress LWS Affiliation plugin <= 2.2.6 - Local File Inclusion vulnerability
WordPress Woodmart Core plugin <= 1.0.36 - Privilege Escalation
WordPress Houzez theme <= 2.7.1 - Privilege Escalation
WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation
WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation
WordPress JS Help Desk – Best Help Desk & Support Plugin plugin <= 2.7.7 - Arbitrary File Upload vulnerability
WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability
WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion
NFLX-2024-002. Impact: Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether ...
pip/consoleme<1.4.0
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
pip/consoleme<1.4.0
Stalwart Mail Server has privilege escalation by design
SQL injection vulnerability in Simple PHP Shopping Cart
SQL injection vulnerability in SiAdmin
SQL injection vulnerability in SiAdmin
Git local configuration leading to Arbitrary Code Execution upon opening .ste file
Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui
Arbitrary Code Execution in parisneo/lollms
Remote Code Execution in parisneo/lollms-webui
Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
Tutor LMS <= 2.7.0 - Missing Authorization
Applications using the "cookie" session driver that were also exposing an encryption oracle via their application were vulnerable to remote code execution. An encryption oracle is a mechanism where ar...
composer/laravel/framework>=7.0.0<7.22.4
composer/laravel/framework>=4.1.0<6.18.31

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203