Version: 24.40000
Released Date: Jan 15, 2025 02:01
New (13)
| Name | Status | Update |
| --- | --- | --- |
| CVE-2024-10914 Command Injection Vulnerability in `name` parameter for D-Link NAS | New | A critical OS command injection in D-Link devices via /cgi-bin/account_mgr.cgi, allowing remote attackers to compromise systems, gain unauthorized access, and cause significant disruption. |
| CVE-2024-1212 Arbitrary system command execution on LoadMaster management interface. | New | A critical vulnerability in Kemp LoadMaster enabling unauthenticated attackers to execute arbitrary OS commands on affected appliances. Related: Kemp LoadMaster OS Command Injection |
| CVE-2024-3495 Unauthenticated SQL Injection on Country State City Dropdown CF7 plugin for WordPress. | New | SQL injection in the Country State City Dropdown CF7 WordPress plugin (<=2.7.2) allows unauthenticated attackers to exploit improperly escaped user inputs. |
| CVE-2024-3552 Unauthenticated SQL Injection on Web Directory Free | New | Unauthenticated SQL injection in Web Directory Free WordPress plugin (<1.7.0) allows attackers to manipulate databases using multiple injection techniques. |
| CVE-2024-36412 Unauthenticated SQL Injection on SuiteCRM | New | SuiteCRM versions (<7.14.4, <8.6.1) contain a SQL injection in the events response entry point, risking data manipulation and system compromise. |
| CVE-2024-37843 Craft CMS <=v3.7.31 - SQL Injection | New | Critical SQL injection in Craft CMS (<=3.7.31) via GraphQL API allows attackers to inject malicious SQL into databases, risking data breaches. |
| CVE-2024-3922 SQL Injection vulnerability in Dokan Pro plugin for WordPress. | New | Dokan Pro WordPress plugin (<=3.10.3) is vulnerable to SQL injection via code parameter, exposing sensitive database information to unauthenticated attackers. |
| CVE-2024-5522 WordPress HTML5 Video Player plugin SQLi | New | Unauthenticated SQL injection in HTML5 Video Player WordPress plugin (<2.5.27) allows attackers to execute SQL commands and access sensitive data. |
| CVE-2024-5910 Palo Alto Expedition - Admin Account Takeover | New | A missing authentication flaw in Palo Alto Networks Expedition allows attackers to gain administrative control and access sensitive configuration data. Related: Palo Alto Expedition Vulnerability (Threat Signal) |
| CVE-2024-9379 Ivanti CSA SQL Injection | New | SQL injection in Ivanti Cloud Services Appliance (<5.0.2) admin console allows authenticated attackers to execute arbitrary SQL queries. Related: Ivanti CSA Zero-Day Attack (Threat Signal) |