Skip to main content
CVE-2024-30231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-47846 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.16.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Githuber Md
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-47842 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-29386 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-29883 MEDIUM POC PATCH This Month

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Createwiki
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-2910 HIGH This Week

A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Eg350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
3.7%
CVE-2024-2909 HIGH This Week

A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Eg350 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-2915 HIGH This Week

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-28093 HIGH This Week

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-39307 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Avada
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-1745 MEDIUM POC This Month

The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Testimonial Slider And Showcase
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0866 HIGH This Week

The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection WordPress
NVD VulDB
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-29195 HIGH PATCH This Week

The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Microsoft Azure C Shared Utility
NVD GitHub
CVSS 3.1
8.1
EPSS
5.0%
CVE-2023-48275 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.0.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Google File Upload
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-27521 HIGH This Week

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command execution (RCE) vulnerability via multiple parameters in the "setOpModeCfg" function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-2929 HIGH This Week

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2214 HIGH PATCH This Week

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25958 HIGH This Week

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Microsoft Grab
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21919 HIGH This Week

An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21918 HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Use After Free Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21913 HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21912 HIGH This Week

An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23482 HIGH This Week

The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28131 HIGH This Week

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23991 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPdevelop / Oplugins Booking Calendar allows SQL Injection.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-44989 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in GSheetConnector CF7 Google Sheets Connector.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-26577 HIGH This Week

VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-25136 HIGH This Week

There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27459 HIGH This Week

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization User Registration Membership
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-27440 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.4.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-28033 HIGH This Week

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-6091 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-28687 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49839 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KlbTheme Cosmetsy theme (core plugin), KlbTheme Partdo theme (core plugin), KlbTheme Bacola theme. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-45771 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.6.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-33322 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.2.25. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Front End Users
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-21920 HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-1933 HIGH This Week

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-2911 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Publiccms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-29196 LOW POC PATCH Monitor

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PostgreSQL PHP Phpmyfaq
NVD GitHub
CVSS 3.1
2.7
EPSS
0.6%
CVE-2024-30233 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wholesalex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-30234 MEDIUM This Month

Missing Authorization vulnerability in Wholesale Team WholesaleX.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wholesalex
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24799 MEDIUM This Month

Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Microsoft Authentication Bypass Box Office
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-2906 MEDIUM This Month

Missing Authorization vulnerability in SoftLab Radio Player.0.73. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-7251 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr User Submitted Posts allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-2888 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Stored XSS.26.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post And Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30232 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.6.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22156 MEDIUM This Month

Missing Authorization vulnerability in SNP Digital SalesKing.6.15. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-25138 MEDIUM This Month

In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22436 MEDIUM This Month

A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy