Skip to main content
CVE-2021-4434 CRITICAL POC Act Now

Remote code execution in the Social Warfare WordPress plugin (versions ≤ 3.5.2) allows unauthenticated attackers to run arbitrary code on the server via the 'swp_url' parameter. Publicly available exploit code exists and the issue carries a maximum CVSS 10.0 with scope change, while the EPSS score of 7.99% (92nd percentile) signals meaningfully elevated exploitation interest. The flaw was reported by Wordfence and primarily threatens WordPress sites still running this abandoned/legacy plugin version.

RCE Code Injection WordPress Social Warfare
NVD
CVSS 3.1
10.0
EPSS
8.0%
CVE-2024-22715 HIGH POC This Week

Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46952 MEDIUM POC This Month

Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Abo Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0647 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplemde
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-22714 MEDIUM POC This Month

Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0649 CRITICAL Act Now

A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical.php of the component Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Zhihuiyun
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0648 CRITICAL Act Now

A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Yunyou Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-20272 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco File Upload Unity Connection
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0643 CRITICAL Act Now

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Live Encoder
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0642 CRITICAL Act Now

Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Live Encoder
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22414 MEDIUM POC This Month

flaskBlog is a simple blog app built with Flask. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flaskblog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20277 HIGH This Week

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Thousandeyes Enterprise Agent
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-22410 HIGH This Week

Creditcoin is a network that enables cross-blockchain credit transactions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Creditcoin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0646 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0645 HIGH This Week

Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Explorer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0405 HIGH PATCH This Week

The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Authentication Bypass Burst Statistics
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-20287 HIGH This Week

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Wap371 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-41990 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Cardoza 3D Tag Cloud
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0396 HIGH This Week

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Moveit Transfer
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-36418 MEDIUM This Month

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hreflang Tags Lite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40203 MEDIUM This Month

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.1.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0641 MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0639 MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42884 MEDIUM This Month

Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wip Custom Login
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-41786 MEDIUM This Month

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Job Portal
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-23896 MEDIUM This Month

Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop.0.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Url Shortener
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-41695 MEDIUM This Month

Missing Authorization vulnerability in SedLex Traffic Manager.4.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Traffic Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-41619 MEDIUM This Month

Missing Authorization vulnerability in SedLex Image Zoom.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Image Zoom
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-40702 MEDIUM This Month

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Local Pickup For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-34379 MEDIUM This Month

Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe WordPress Magento To Woocommerce Migration
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-20270 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Broadworks Xtended Services Platform Broadworks Application Delivery Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20251 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41790 MEDIUM This Month

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.1.76. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-38141 MEDIUM This Month

Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Sales Report Email For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23882 MEDIUM This Month

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder - Lite.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ultimate Addons For Beaver Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy