Skip to main content
CVE-2024-24926 HIGH Act Now

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.9.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 42.1% and no vendor patch available.

Deserialization WordPress Brooklyn
NVD
CVSS 3.1
7.5
EPSS
42.1%
CVE-2024-25108 HIGH POC PATCH This Week

Pixelfed is an open source photo sharing platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pixelfed
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24337 HIGH POC This Week

CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Koha
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-23762 HIGH POC This Week

Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Gambio
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23833 HIGH POC PATCH This Week

OpenRefine is a free, open source power tool for working with messy data and improving it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Path Traversal Openrefine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-0566 HIGH POC This Week

The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Smart Manager
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
3.3%
CVE-2024-23513 HIGH This Week

Deserialization of Untrusted Data vulnerability in PropertyHive.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-25744 HIGH PATCH This Week

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23512 HIGH This Week

Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks.1.4. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Wowstore
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-24796 HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-25110 HIGH PATCH This Week

The UAMQP is a general purpose C library for AMQP 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Azure Uamqp
NVD GitHub
CVSS 3.1
8.1
EPSS
6.6%
CVE-2024-22228 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22227 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22225 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-22224 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22223 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-22222 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-0170 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0168 HIGH This Week

Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0167 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-0166 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-0165 HIGH This Week

Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-0164 HIGH This Week

Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Unity Operating Environment
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-24933 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.2.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Honeypot For Wp Comment
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-24932 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vk Poster Group
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-24927 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Brooklyn
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy