CVE CyberSecurity Database News (Page 6)

Nov 26, 2024 WordPress Exploit PHP

CVE-2024-10542 - Unauthorized Arbitrary Plugin Installation Vulnerability in Spam Protection, Anti-Spam, FireWall by CleanTalk Plugin for WordPress

-- The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress, a popular plugin for protecting WordPress websites from spam, is found to be vulnerable

Nov 24, 2024

CVE-2024-53899: Command Injection Vulnerability in virtualenv Before 20.26.6 - Exploit Details, Code Snippets, and Original References

A new security vulnerability, CVE-2024-53899, has been discovered in virtualenv, a popular tool for creating isolated Python environments. Virtualenv versions before 20.26.6 are

Nov 24, 2024 Exploit PHP

CVE-2024-11233: Buffer Overread in PHP's convert.quoted-printable-decode Filter

CVE-2024-11233 is a security vulnerability associated with PHP's convert.quoted-printable-decode filter. The issue impacts PHP versions 8.1.* before 8.1.31, 8.

Nov 24, 2024 RCE Exploit PHP

CVE-2024-11236: PHP ldap_escape() Function Integer Overflow on 32-Bit Systems

A new vulnerability, CVE-2024-11236, has been identified in multiple versions of PHP, affecting the ldap_escape() function on 32-bit systems. The vulnerability is caused by

Nov 22, 2024 Exploit

CVE-2024-11477 - 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability Discovered in the Wild

The CVE-2024-11477 vulnerability has been recently identified in affected installations of the popular file archiving utility, 7-Zip. This critical vulnerability, if exploited, allows remote attackers