Skip to main content
CVE-2024-1522 HIGH POC PATCH This Week

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE CSRF Lollms Web Ui
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2024-3088 HIGH POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-2047 HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +2
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-3018 HIGH PATCH This Week

The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Essential Addons For Elementor +1
NVD
CVSS 3.1
8.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy