Skip to main content
CVE-2024-2044 CRITICAL POC PATCH THREAT Act Now

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
9.9
EPSS
79.3%
CVE-2023-47415 HIGH POC THREAT Act Now

Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Command Injection Ctm 200 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
16.0%
CVE-2024-0917 CRITICAL POC Act Now

remote code execution in paddlepaddle/paddle 2.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Paddlepaddle
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0818 CRITICAL POC Act Now

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Paddlepaddle
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-0815 HIGH POC PATCH This Week

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1299 HIGH POC This Week

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-0199 HIGH POC This Week

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-0817 HIGH POC PATCH This Week

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-2265 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24375 HIGH POC This Week

SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinalcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1986 HIGH Act Now

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

RCE WordPress File Upload Booster For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
10.5%
CVE-2024-26492 MEDIUM POC This Month

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Diagnostic Lab Management System
NVD Exploit-DB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-2266 MEDIUM POC This Month

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Secret Coder Php Project
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24035 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS S I L
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2269 CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Bookstore Website
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2268 CRITICAL Act Now

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2264 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1351 CRITICAL PATCH Act Now

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure MongoDB Astra Control Center Ontap Tools
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-28222 CRITICAL Act Now

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Netbackup Netbackup Appliance
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28213 CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28212 CRITICAL Act Now

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28211 CRITICAL Act Now

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22857 CRITICAL Act Now

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-1382 HIGH PATCH This Week

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1773 HIGH PATCH This Week

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Pdf Invoices And Packing Slips For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0203 HIGH This Week

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Digits
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1442 HIGH PATCH This Week

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grafana
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28094 HIGH This Week

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Schoolbox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1460 MEDIUM POC This Month

MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Afterburner
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-1443 MEDIUM POC This Month

MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Afterburner
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-26566 HIGH This Week

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cute Http File Server
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-1170 HIGH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Post Form
NVD VulDB
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-22752 HIGH This Week

Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-28115 HIGH This Week

FreeRTOS is a real-time operating system for microcontrollers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Freertos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27733 HIGH This Week

File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-1169 HIGH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Post Form
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2267 HIGH This Week

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28215 HIGH This Week

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF Ngrinder
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1725 MEDIUM PATCH This Month

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Container Platform Openshift Container Platform For Arm64 Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-28230 MEDIUM This Month

In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28229 MEDIUM This Month

In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1366 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1377 MEDIUM This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Happy Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1761 MEDIUM PATCH This Month

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Chat App
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2136 MEDIUM PATCH This Month

The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpkoi Templates For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1506 MEDIUM This Month

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Prime Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1419 MEDIUM PATCH This Month

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress The Plus Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1534 MEDIUM This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Booster For Woocommerce
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2128 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1802 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy