| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-10820 | WooCommerce Upload Files <= 84.3 - Unauthenticated Arbitrary File Upload | Unknown | WooCommerce Upload Files | Critical | 9.8 | 2024-11-13 03:20:08 | Deep Dive |
| CVE-2024-10687 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Critical | 9.8 | 2024-11-05 09:30:59 | Deep Dive |
| CVE-2024-7985 | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-10-29 15:31:55 | Deep Dive |
| CVE-2024-49386 | Acronis Cyber Files 安全漏洞 | Acronis | Acronis Cyber Files | - | - | 2024-10-17 09:49:45 | Deep Dive |
| CVE-2024-49389 | Acronis Cyber Files 安全漏洞 | Acronis | Acronis Cyber Files | - | - | 2024-10-17 09:49:34 | Deep Dive |
| CVE-2024-49390 | Acronis Cyber Files 代码问题漏洞 | Acronis | Acronis Cyber Files | - | - | 2024-10-17 09:49:17 | Deep Dive |
| CVE-2024-49391 | Acronis Cyber Files 代码问题漏洞 | Acronis | Acronis Cyber Files | - | - | 2024-10-17 09:48:59 | Deep Dive |
| CVE-2024-49392 | Acronis Cyber Files 跨站脚本漏洞 | Acronis | Acronis Cyber Files | - | - | 2024-10-17 09:48:40 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9891 | Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation | zluck | MultiLine Files for Contact Form 7 | Medium | 4.3 | 2024-10-16 02:05:06 | Deep Dive |
| CVE-2024-9146 | WordPress CSS JS Files plugin <= 1.5.0 - Directory Traversal to File Read vulnerability | jamesdlow | CSS JS Files | Medium | 4.9 | 2024-10-05 10:31:11 | Deep Dive |
| CVE-2024-9333 | Permission bypass in M-Files Connector for Copilot | M-Files Corporation | M-Files Connector for Copilot | 中危 | - | 2024-10-02 05:57:41 | Deep Dive |
| CVE-2024-9174 | Stored HTML Injection in Hubshare social module | M-Files Corporation | M-Files Hubshare | 中危 | - | 2024-10-02 05:56:28 | Deep Dive |
| CVE-2024-6789 | Path traversal in M-Files API | M-Files Corporation | M-Files Server | - | - | 2024-08-27 09:57:00 | Deep Dive |
| CVE-2024-43230 | WordPress Shared Files – Premium Download Manager & Secure File Sharing with Frontend File Upload plugin <= 1.7.28 - Sensitive Data Exposure vulnerability | Anssi Laitila | Shared Files | Medium | 5.3 | 2024-08-26 20:19:27 | Deep Dive |
| CVE-2024-7848 | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | deepakkite | File Sharing & Download Manager – User Private Files | Medium | 4.3 | 2024-08-22 10:58:41 | Deep Dive |
| CVE-2024-6124 | Reflected XSS in Hubshare via Open Redirect | M-Files Corporation | Hubshare | - | - | 2024-07-29 13:00:34 | Deep Dive |
| CVE-2024-6881 | Stored XSS Vulnerability | M-Files Corporation | Hubshare | - | - | 2024-07-29 12:56:52 | Deep Dive |
| CVE-2024-34691 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) | SAP_SE | SAP S/4HANA (Manage Incoming Payment Files) | Medium | 6.5 | 2024-06-11 02:22:24 | Deep Dive |
| CVE-2024-5599 | FileOrganizer <= 1.0.7 - Sensitive Information Exposure via Directory Listing | softaculous | FileOrganizer – WordPress File Manager | High | 7.5 | 2024-06-07 12:33:44 | Deep Dive |