Skip to main content
CVE-2024-22715 HIGH POC This Week

Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-20277 HIGH This Week

A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Thousandeyes Enterprise Agent
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-22410 HIGH This Week

Creditcoin is a network that enables cross-blockchain credit transactions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Creditcoin
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0646 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0645 HIGH This Week

Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Explorer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0405 HIGH PATCH This Week

The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Authentication Bypass Burst Statistics
NVD VulDB
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-20287 HIGH This Week

A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Wap371 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2022-41990 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Cardoza 3D Tag Cloud
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0396 HIGH This Week

In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Moveit Transfer
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy