Skip to main content
CVE-2024-23759 CRITICAL POC THREAT Emergency

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE File Upload Gambio
NVD
CVSS 3.1
9.8
EPSS
47.8%
CVE-2024-24926 HIGH Act Now

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.9.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 42.1% and no vendor patch available.

Deserialization WordPress Brooklyn
NVD
CVSS 3.1
7.5
EPSS
42.1%
CVE-2024-23763 CRITICAL POC Act Now

SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Gambio
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-23761 CRITICAL POC Act Now

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Gambio
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25108 HIGH POC PATCH This Week

Pixelfed is an open source photo sharing platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pixelfed
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24337 HIGH POC This Week

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Koha
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-23762 HIGH POC This Week

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Gambio
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23833 HIGH POC PATCH This Week

OpenRefine is a free, open source power tool for working with messy data and improving it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Path Traversal Openrefine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-0566 HIGH POC This Week

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Smart Manager
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
3.3%
CVE-2024-25100 CRITICAL Act Now

Unauthenticated PHP object injection in the WP Swings Coupon Referral Program plugin for WordPress (versions up to and including 1.8.4) allows remote attackers to deliver crafted serialized payloads that the plugin deserializes, leading to full compromise with changed scope (CVSS 10.0). No public exploit has been identified at time of analysis, and EPSS sits at 0.83% (75th percentile) - moderate exploitation likelihood despite the maximum severity score. The vulnerability is not currently listed in CISA KEV.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-0250 MEDIUM POC This Month

The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Open Redirect Google Analytics Insights
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-24797 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed - Essential Real Estate Add-On.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ere Recently Viewed
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-25741 MEDIUM POC This Month

printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0420 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0421 MEDIUM POC This Month

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Mappress Maps For Wordpress
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23513 HIGH This Week

Deserialization of Untrusted Data vulnerability in PropertyHive.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-25744 HIGH PATCH This Week

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23512 HIGH This Week

Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks.1.4. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Wowstore
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-0248 MEDIUM POC This Month

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Eazydocs
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-24796 HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-25110 HIGH PATCH This Week

The UAMQP is a general purpose C library for AMQP 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Azure Uamqp
NVD GitHub
CVSS 3.1
8.1
EPSS
6.6%
CVE-2024-22228 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22227 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22225 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-22224 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22223 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22222 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-0170 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0168 HIGH This Week

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0167 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0166 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-0165 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-0164 HIGH This Week

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-24933 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.2.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Honeypot For Wp Comment
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-24932 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vk Poster Group
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-24927 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Brooklyn
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23760 LOW POC Monitor

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gambio
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2023-46615 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Kalli Dan. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Kd Coming Soon
NVD
CVSS 3.1
5.4
EPSS
5.6%
CVE-2023-51403 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicdark Restaurant Reservations allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Restaurant Reservations
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24931 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Before After Image Slider
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24930 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buttons Shortcode And Widget
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50875 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS - Online Courses, Quizzes, & Learning allows Stored XSS.17.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sensei Lms
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24928 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS.9.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Content Cards
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1250 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22226 MEDIUM This Month

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22221 MEDIUM This Month

Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dell Unity Operating Environment
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-24889 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS All 404 Pages Redirect To Homepage
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-51370 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam WP Chat App allows Stored XSS.4.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Chat App
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47526 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify - WordPress Chart Plugin allows Stored XSS.0.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Chartify
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-25739 MEDIUM This Month

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy