Skip to main content
CVE-2024-24756 HIGH POC PATCH This Week

Crafatar serves Minecraft avatars based on the skin for use in external applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Docker Crafatar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-21852 HIGH This Week

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Rapid Scada
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-22859 HIGH PATCH This Week

Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Livewire
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0325 HIGH This Week

In Helix Sync versions prior to 2024.1, a local command injection was identified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Helix Sync
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-22449 HIGH This Week

Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1167 HIGH This Week

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Movitools Motionstudio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0935 HIGH This Week

Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Delmia Apriso
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-21750 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS.5.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shortcodes Finder
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-51509 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-51540 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Nagar Custom 404 Pro allows Stored XSS.10.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom 404 Pro
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22148 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS.3.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Smart Editor
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy