Skip to main content
CVE-2024-1709 CRITICAL POC KEV PATCH THREAT Act Now

ConnectWise ScreenConnect contains a critical authentication bypass (CVSS 10.0) that allows direct access to the administrative interface, mass-exploited within hours of disclosure for ransomware deployment.

NVD GitHub
CVSS 3.1
10.0
EPSS
94.3%
Threat
9.8
CVE-2024-1708 HIGH POC KEV THREAT Act Now

Path traversal in ConnectWise ScreenConnect 23.9.7 and earlier enables attackers with administrative privileges to write files outside intended directories, leading to remote code execution or direct compromise of confidential data and critical systems. This vulnerability is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 53.66% (98th percentile) reflects extremely high real-world exploitation activity. It was disclosed alongside the more severe CVE-2024-1709 authentication bypass, which together formed a widely abused exploit chain against ScreenConnect on-premises servers in early 2024.

Path Traversal
NVD VulDB
CVSS 3.1
8.4
EPSS
53.7%
Threat
6.3
CVE-2024-1212 CRITICAL POC KEV THREAT Emergency

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Loadmaster
NVD GitHub
CVSS 3.1
9.8
EPSS
95.4%
CVE-2024-25124 CRITICAL POC PATCH Act Now

Fiber is a web framework written in go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fiber
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25897 CRITICAL POC Act Now

ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-25894 CRITICAL POC Act Now

ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1702 CRITICAL POC Act Now

A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1701 CRITICAL POC Act Now

A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25893 CRITICAL POC Act Now

ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-1631 CRITICAL POC PATCH Act Now

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Icp Js Core
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-1675 HIGH POC THREAT This Week

Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
10.4%
CVE-2024-1673 HIGH POC This Week

Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1669 HIGH POC This Week

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25892 HIGH POC This Week

ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1704 HIGH POC This Week

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crmeb
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-23346 HIGH POC PATCH This Week

Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Command Injection Pymatgen
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
3.8%
CVE-2024-25891 HIGH POC This Week

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22778 HIGH POC This Week

HackMD CodiMD <2.5.2 is vulnerable to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Codimd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-0593 MEDIUM POC PATCH This Month

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Simple Job Board
NVD
CVSS 3.1
5.3
EPSS
6.7%
CVE-2024-25381 MEDIUM POC This Month

There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1707 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallbox Glb T2Ev7 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-25898 MEDIUM POC This Month

A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25895 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25249 CRITICAL Act Now

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Apple He3 App
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-25117 CRITICAL PATCH Act Now

php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Php Svg Lib
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1700 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25896 MEDIUM POC This Month

ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Churchcrm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1703 MEDIUM POC This Month

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Crmeb
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-25288 MEDIUM POC This Month

SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-1674 HIGH This Week

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1705 HIGH This Week

A vulnerability was found in Shopwind up to 4.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection PHP RCE Shopwind
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-26582 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26147 HIGH PATCH This Week

Helm is a package manager for Charts for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kubernetes Helm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-25461 HIGH This Week

Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Crm Creatio
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-24479 HIGH PATCH This Week

A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Wireshark Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-24476 HIGH PATCH This Week

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Fedora Wireshark
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-22473 HIGH This Week

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Gecko Software Development Kit
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-26130 HIGH PATCH This Week

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Python Denial Of Service Cryptography
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24478 HIGH PATCH This Week

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-23654 HIGH PATCH This Week

discourse-ai is the AI plugin for the open-source discussion platform Discourse. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Ai
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-24843 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor.10.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Powerpack Addons For Elementor Elementor
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-20325 HIGH This Week

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Unified Intelligence Center
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1714 HIGH This Week

An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Identityiq
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-22235 MEDIUM This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1108 MEDIUM PATCH This Month

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Denial Of Service Plugin Groups
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-0407 MEDIUM This Month

Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Information Disclosure Futuresmart 4 Futuresmart 3 Futuresmart 5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1081 MEDIUM PATCH This Month

The 3D FlipBook - PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress 3d Flipbook
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-22220 MEDIUM This Month

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Formbank Terminalfour
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-26148 MEDIUM PATCH This Month

Querybook is a user interface for querying big data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Querybook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1474 MEDIUM This Month

In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ws Ftp Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy