Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-18 | CVE-2024-9474 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 7.2 |
| 2024-11-18 | CVE-2024-52427 | Code Injection vulnerability in Vollstart Event Tickets With Ticket Scanner Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. | 8.8 |
| 2024-11-18 | CVE-2024-52428 | Unspecified vulnerability in Scripteo ADS Booster BY ADS PRO Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. | 9.8 |
| 2024-11-18 | CVE-2024-52429 | Unrestricted Upload of File with Dangerous Type vulnerability in Antonhoelstad WP Quick Setup Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0. | 8.8 |
| 2024-11-18 | CVE-2024-52430 | Deserialization of Untrusted Data vulnerability in LIS Video Gallery Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1. | 9.8 |
| 2024-11-18 | CVE-2024-52431 | SQL Injection vulnerability in Pressaholic Wordpress Video Robot Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. | 9.8 |
| 2024-11-18 | CVE-2024-52432 | Deserialization of Untrusted Data vulnerability in Nixsolutions NIX Anti-Spam Light Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through 0.0.4. | 9.8 |
| 2024-11-18 | CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien MY GEO Posts Free Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2. | 9.8 |
| 2024-11-18 | CVE-2024-52434 | Code Injection vulnerability in Supsystic Popup Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29. | 9.1 |
| 2024-11-18 | CVE-2024-52435 | SQL Injection vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. | 7.2 |