Skip to main content
CVE-2024-0962 HIGH POC PATCH This Week

A vulnerability was found in obgm libcoap 4.3.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcoap
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0960 CRITICAL Act Now

A vulnerability was found in flink-extended ai-flow 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Aiflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0959 CRITICAL Act Now

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gibsonenv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22862 CRITICAL PATCH Act Now

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Ffmpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-22860 CRITICAL PATCH Act Now

Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Ffmpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0958 MEDIUM POC This Month

A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic.php of the component Add Category Handler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Stock Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22283 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.0.107. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Logistics Courier
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-0618 MEDIUM POC PATCH This Month

The Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Contact Form
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-23506 HIGH This Week

Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.9. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-22147 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce.7.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Woocommerce Pdf Invoices Packing Slips
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-22861 HIGH PATCH This Week

Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-0697 MEDIUM PATCH This Month

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Backuply
NVD VulDB
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-0824 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0667 MEDIUM PATCH This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress Form Maker
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-52187 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite - Show Image Credits and Captions.17.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Image Source Control
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-0664 MEDIUM PATCH This Month

The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Meks Smart Social Widget
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-6497 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wordpress Simple Paypal Shopping Cart
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy