Skip to main content
CVE-2024-1512 CRITICAL POC THREAT Emergency

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.6%.

SQLi WordPress Masterstudy Lms
NVD VulDB
CVSS 3.1
9.8
EPSS
93.6%
Threat
6.3
CVE-2024-21492 HIGH POC This Week

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Google Caddy Security
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-25468 HIGH POC This Week

An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service X5000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25298 HIGH POC This Week

An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-21500 MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-21496 MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Caddy Security
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0610 CRITICAL PATCH Act Now

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Piraeus Bank Woocommerce Payment Gateway
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-21495 CRITICAL PATCH Act Now

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Caddy Security
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21498 MEDIUM POC This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Caddy Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25297 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Bludit
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-20953 HIGH KEV THREAT This Week

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2024-20927 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-22727 HIGH This Week

Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Trb140 Firmware Trb141 Firmware Trb142 Firmware Trb143 Firmware +1
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-20931 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
59.7%
CVE-2024-20917 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20909 HIGH This Week

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Oracle Audit Vault And Database Firewall
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20956 HIGH This Week

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-20962 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20960 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20929 MEDIUM This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Application Object Library
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20903 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Oracle Database Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21497 MEDIUM This Month

Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Caddy Security
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20986 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20951 MEDIUM This Month

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Customer Interaction History
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20949 MEDIUM This Month

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oracle Customer Interaction History
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20941 MEDIUM PATCH This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Oracle Installed Base
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20935 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Installed Base
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-20933 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oracle Installed Base
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-20907 MEDIUM This Month

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Web Applications Desktop Integrator
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-22337 MEDIUM This Month

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22336 MEDIUM This Month

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22335 MEDIUM This Month

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Security Qradar Suite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-21494 MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caddy Security
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-20980 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20958 MEDIUM This Month

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Installed Base
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20947 MEDIUM This Month

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Common Applications
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20943 MEDIUM PATCH This Month

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-20913 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21493 MEDIUM This Month

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caddy Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-20964 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-20915 MEDIUM This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Denial Of Service Oracle Application Object Library
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-20982 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-20978 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2024-20976 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-20974 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-20972 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-20970 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-20966 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-20984 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.4
EPSS
1.0%
CVE-2024-20968 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server
NVD
CVSS 3.1
4.4
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy