Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2024-04-30 | CVE-2024-25575 | A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. | network, low complexity, CWE-843, 8.8 |
| 2024-04-30 | CVE-2024-25648 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. | network, low complexity, CWE-416, 8.8 |
| 2024-04-30 | CVE-2024-25938 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. | network, low complexity, CWE-416, 8.8 |
| 2024-04-30 | CVE-2024-1895 | The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. | network, high complexity, 7.5 |
| 2024-04-30 | CVE-2024-2663 | The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. | network, low complexity, 8.3 |
| 2024-04-30 | CVE-2024-3072 | The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. | network, low complexity, 4.3 |
| 2024-04-30 | CVE-2024-4185 | The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. | network, high complexity, 8.1 |
| 2024-04-30 | CVE-2024-0216 | The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. | network, low complexity, 6.4 |
| 2024-04-29 | CVE-2024-3375 | Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. | network, low complexity, CWE-732, critical, 9.4 |
| 2024-04-29 | CVE-2024-4302 | Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. | network, low complexity, 6.1 |