Skip to main content
CVE-2024-21893 HIGH POC KEV THREAT Act Now

Ivanti Connect Secure and Policy Secure contain an SSRF vulnerability in the SAML component allowing unauthenticated access to restricted resources, used as an additional exploitation vector during the January 2024 Ivanti crisis.

NVD
CVSS 3.1
8.2
EPSS
94.3%
Threat
9.5
CVE-2023-6246 HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.4
EPSS
25.5%
CVE-2024-1012 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ezoffice
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-23745 CRITICAL POC Act Now

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Command Injection Web Clipper
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-24573 HIGH POC PATCH This Week

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Facilemanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-21888 HIGH POC THREAT This Week

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD GitHub
CVSS 3.1
8.8
EPSS
86.8%
CVE-2023-6779 HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-1086 HIGH POC KEV PATCH THREAT This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Use After Free Linux Memory Corruption Linux Kernel +11
NVD GitHub
CVSS 3.1
7.8
EPSS
28.1%
CVE-2024-1098 HIGH POC This Week

A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic.getStorageFile of the file /filex/proxy-download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rebuild
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-24572 MEDIUM POC PATCH This Month

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Facilemanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1117 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1116 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1115 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-1114 CRITICAL Act Now

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1113 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24579 CRITICAL PATCH Act Now

stereoscope is a go library for processing container images and simulating a squash filesystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Stereoscope
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-1112 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Resource Hacker
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-24571 MEDIUM POC PATCH This Month

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Facilemanager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1103 MEDIUM POC This Month

A vulnerability was found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Real Estate Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1099 MEDIUM POC This Month

A vulnerability was found in Rebuild up to 3.5.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22569 MEDIUM POC This Month

Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Poscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6780 MEDIUM POC This Month

An integer overflow was found in the __vsyslog_internal function of the glibc library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-24566 MEDIUM POC PATCH This Month

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lobe Chat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-21917 CRITICAL Act Now

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Rockwell Factorytalk Services Platform
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-22140 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profile Builder
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-23507 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.9. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-1069 HIGH PATCH This Week

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Database For Contact Form 7 Wpforms Elementor Forms Elementor
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2024-0833 HIGH This Week

In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Test Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0832 HIGH This Week

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0219 HIGH This Week

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Justdecompile
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1085 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Privilege Escalation Use After Free Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22305 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress - Kali Forms.3.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Kali Forms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-21916 HIGH This Week

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Controllogix 5570 Controller Firmware Guardlogix 5570 Controller Firmware Controllogix 5570 Redundant Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22307 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.5.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22159 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22293 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bp Profile Search
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22289 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22286 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus - Before & After Image Slider FREE allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ba Plus
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22282 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simplemap Store Locator
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22163 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security - Smart Bot Blocking & Intrusion Prevention Security allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shield Security
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22162 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Shortcodes wpzoom-shortcodes allows Reflected XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22160 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Image Tag Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23508 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster - PDF Embedder Plugin for WordPress allows Reflected XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Pdf Poster
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22287 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).7.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Better Anchor Links
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22290 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Custom Dashboard Widgets
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23502 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category - List Category Posts Or Recent Posts allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Posts List Designer By Category
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22158 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo - Social Network, Membership, Registration, User Profiles allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Peepso
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22150 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Powerfolio
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22146 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22302 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.6.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Albo Pretorio On Line
NVD
CVSS 3.1
6.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy