Skip to main content
CVE-2023-47415 HIGH POC THREAT Act Now

Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Command Injection Ctm 200 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
16.0%
CVE-2024-0815 HIGH POC PATCH This Week

Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1299 HIGH POC This Week

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-0199 HIGH POC This Week

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-0817 HIGH POC PATCH This Week

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Paddlepaddle
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-2265 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Php Mysql User Signup Login System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24375 HIGH POC This Week

SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jfinalcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1986 HIGH Act Now

The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

RCE WordPress File Upload Booster For Woocommerce
NVD VulDB
CVSS 3.1
8.8
EPSS
10.5%
CVE-2024-1382 HIGH PATCH This Week

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1773 HIGH PATCH This Week

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Pdf Invoices And Packing Slips For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0203 HIGH This Week

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Digits
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-1442 HIGH PATCH This Week

A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grafana
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28094 HIGH This Week

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database records. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Schoolbox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-26566 HIGH This Week

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Cute Http File Server
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-1170 HIGH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Post Form
NVD VulDB
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-22752 HIGH This Week

Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-28115 HIGH This Week

FreeRTOS is a real-time operating system for microcontrollers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Freertos
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27733 HIGH This Week

File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-1169 HIGH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Post Form
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2267 HIGH This Week

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28215 HIGH This Week

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SSRF Ngrinder
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy