Skip to main content
CVE-2024-0858 HIGH POC This Week

The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Innovs Hr
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0780 HIGH POC This Week

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Enjoy Social Feed
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0779 HIGH POC This Week

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enjoy Social Feed
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2581 HIGH POC This Week

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-21661 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Denial Of Service Memory Corruption Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-20767 HIGH POC KEV THREAT This Week

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Coldfusion
NVD Exploit-DB
CVSS 3.1
7.4
EPSS
98.5%
CVE-2024-2599 HIGH This Week

File upload restriction evasion vulnerability in AMSS++ version 4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Amss
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27773 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27772 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unilogic
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27771 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27770 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-23: Relative Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27769 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22257 HIGH PATCH This Week

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-2050 HIGH This Week

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-52614 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-20761 HIGH This Week

Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20754 HIGH This Week

Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lightroom
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2390 HIGH This Week

As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2229 HIGH This Week

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20756 HIGH This Week

Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Bridge
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2024-20755 HIGH This Week

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2024-20752 HIGH This Week

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Bridge
NVD
CVSS 3.1
7.8
EPSS
7.8%
CVE-2024-20746 HIGH This Week

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-20745 HIGH This Week

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-1013 HIGH This Week

An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Unixodbc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1605 HIGH This Week

BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Control M
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23139 HIGH This Week

A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Fbx Review
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23138 HIGH This Week

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Advance Steel +10
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-28865 HIGH PATCH This Week

django-wiki is a wiki system for Django. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Wiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2052 HIGH This Week

CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2592 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2591 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2590 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2589 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2588 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2587 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2586 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2585 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2584 HIGH This Week

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Amss
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2002 HIGH This Week

A double-free vulnerability was found in libdwarf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libdwarf Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-24230 HIGH This Week

Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Command Injection RCE
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29154 HIGH This Week

danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fabric
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-28248 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy