Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-25 | CVE-2024-6589 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. [network; low complexity] | 8.8 |
| 2024-07-24 | CVE-2024-31970 | AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. [network; low complexity] | 8.8 |
| 2024-07-24 | CVE-2024-36541 | Incorrect Default Permissions vulnerability in Kube-Logging Logging-Operator 4.6.0. Insecure permissions in logging-operator v4.6.0 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. [network; low complexity; kube-logging; CWE-276] | 8.8 |
| 2024-07-24 | CVE-2024-7069 | SQL Injection vulnerability in Employee and Visitor Gate Pass Logging System Project Employee and Visitor Gate Pass Logging System 1.0. A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. | 7.5 |
| 2024-07-24 | CVE-2024-39345 | AdTran 834-5 HDC17600021F1 (SmartOS 11.1.1.1) devices enable the SSH service by default and have a hidden, undocumented, hard-coded support account whose password is based on the device's MAC address. [network; low complexity; CWE-78] | 7.2 |
| 2024-07-24 | CVE-2024-6750 | The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. [network; low complexity] | 7.3 |
| 2024-07-24 | CVE-2024-6753 | The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mapTypes’ parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. [network; low complexity] | 7.2 |
| 2024-07-24 | CVE-2024-6756 | The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. [network; low complexity] | 8.8 |
| 2024-07-23 | CVE-2024-38176 | An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. [network; high complexity; CWE-307] | 8.1 |
| 2024-07-23 | CVE-2024-0760 | A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. [network; low complexity] | 7.5 |