Latest CVE Feed
-
7.8
HIGHCVE-2024-34787
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: May. 01, 2025
-
7.2
HIGHCVE-2024-34784
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: May. 01, 2025
-
7.2
HIGHCVE-2024-34782
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: May. 01, 2025
-
7.2
HIGHCVE-2024-34781
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: May. 01, 2025
-
7.2
HIGHCVE-2024-34780
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: Apr. 23, 2025
-
7.2
HIGHCVE-2024-32847
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: Apr. 24, 2025
-
7.2
HIGHCVE-2024-32844
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: Apr. 23, 2025
-
7.2
HIGHCVE-2024-32841
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: Apr. 23, 2025
-
7.2
HIGHCVE-2024-32839
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Nov. 13, 2024
- Modified: Apr. 23, 2025
-
7.1
HIGHCVE-2024-29211
A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.... Read more
Affected Products : secure_access_client- Published: Nov. 13, 2024
- Modified: Nov. 14, 2024
-
6.4
MEDIUMCVE-2024-10887
The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insuffic... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 13, 2024
-
4.3
MEDIUMCVE-2024-10854
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for... Read more
Affected Products : buy_one_click_woocommerce- Published: Nov. 13, 2024
- Modified: Jan. 17, 2025
-
4.3
MEDIUMCVE-2024-10853
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated at... Read more
Affected Products : buy_one_click_woocommerce- Published: Nov. 13, 2024
- Modified: Jan. 17, 2025
-
4.3
MEDIUMCVE-2024-10852
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authe... Read more
Affected Products : buy_one_click_woocommerce- Published: Nov. 13, 2024
- Modified: Nov. 13, 2024
-
6.1
MEDIUMCVE-2024-10851
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it p... Read more
Affected Products : razorpay_payment_button- Published: Nov. 13, 2024
- Modified: Jan. 17, 2025
-
6.1
MEDIUMCVE-2024-10850
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This ... Read more
Affected Products : razorpay_payment_button- Published: Nov. 13, 2024
- Modified: Jan. 17, 2025
-
4.3
MEDIUMCVE-2024-10778
The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be includ... Read more
Affected Products : buddybuilder- Published: Nov. 13, 2024
- Modified: Jul. 09, 2025
-
6.5
MEDIUMCVE-2024-10717
The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This ... Read more
Affected Products : styler_for_ninja_forms- Published: Nov. 13, 2024
- Modified: Jul. 11, 2025
-
8.8
HIGHCVE-2024-10629
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticate... Read more
- Published: Nov. 13, 2024
- Modified: Nov. 13, 2024
-
6.1
MEDIUMCVE-2024-10577
The 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthent... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 21, 2024