Skip to main content
CVE-2024-23646 HIGH POC PATCH This Week

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Admin Classic Bundle
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23648 HIGH POC PATCH This Week

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23641 HIGH POC PATCH This Week

SvelteKit is a web development kit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Adapter Node Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-22284 HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-23898 HIGH PATCH This Week

Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
8.8
EPSS
66.9%
CVE-2024-0813 HIGH This Week

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0812 HIGH This Week

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0806 HIGH This Week

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-22309 HIGH This Week

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.1.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Wpbot
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-23644 HIGH PATCH This Week

Trillium is a composable toolkit for building internet applications with async rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Trillium Trillium Http
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-22135 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.3. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Order Export Order Import For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-22152 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.3.7. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-22154 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salesking
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23904 HIGH This Week

Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jenkins Log Command
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-0804 HIGH This Week

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy