Skip to main content
CVE-2024-21893 HIGH POC KEV THREAT Act Now

Ivanti Connect Secure and Policy Secure contain an SSRF vulnerability in the SAML component allowing unauthenticated access to restricted resources, used as an additional exploitation vector during the January 2024 Ivanti crisis.

NVD
CVSS 3.1
8.2
EPSS
94.3%
Threat
9.5
CVE-2023-6246 HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.4
EPSS
25.5%
CVE-2024-24573 HIGH POC PATCH This Week

facileManager is a modular suite of web apps built with the sysadmin in mind. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Facilemanager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-21888 HIGH POC THREAT This Week

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD GitHub
CVSS 3.1
8.8
EPSS
86.8%
CVE-2023-6779 HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-1086 HIGH POC KEV PATCH THREAT This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Use After Free Linux Memory Corruption Linux Kernel +11
NVD GitHub
CVSS 3.1
7.8
EPSS
28.1%
CVE-2024-1098 HIGH POC This Week

A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic.getStorageFile of the file /filex/proxy-download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rebuild
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-22140 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profile Builder
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-23507 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.9. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-1069 HIGH PATCH This Week

The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Database For Contact Form 7 Wpforms Elementor Forms Elementor
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2024-0833 HIGH This Week

In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Test Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0832 HIGH This Week

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0219 HIGH This Week

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Telerik Justdecompile
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1085 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Privilege Escalation Use After Free Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22305 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress - Kali Forms.3.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Kali Forms
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-21916 HIGH This Week

A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix ang GuardLogix controllers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Controllogix 5570 Controller Firmware Guardlogix 5570 Controller Firmware Controllogix 5570 Redundant Controller Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22307 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.5.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22159 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.0.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22293 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bp Profile Search
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22289 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22286 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus - Before & After Image Slider FREE allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ba Plus
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22282 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.6.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simplemap Store Locator
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22163 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security - Smart Bot Blocking & Intrusion Prevention Security allows. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shield Security
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22162 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Shortcodes wpzoom-shortcodes allows Reflected XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22160 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Image Tag Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23508 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster - PDF Embedder Plugin for WordPress allows Reflected XSS.1.17. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Pdf Poster
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22287 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS).7.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Better Anchor Links
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22290 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS).3.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Custom Dashboard Widgets
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy