Skip to main content
CVE-2024-3022 HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress Bookingpress
NVD
CVSS 3.1
7.2
EPSS
8.3%
CVE-2024-3316 HIGH POC This Week

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3311 HIGH POC This Week

A vulnerability was found in Dreamer CMS up to 4.1.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dreamer Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-29387 HIGH POC This Week

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Projeqtor
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29192 HIGH POC PATCH This Week

gotortc is a camera streaming application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Go2Rtc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-30565 HIGH POC This Week

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-31212 HIGH POC This Week

InstantCMS is a free and open source content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Instantcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-2008 HIGH This Week

The Modal Popup Box - Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31498 HIGH This Week

Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-31210 HIGH This Week

WordPress is an open publishing platform for the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-25568 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-30249 HIGH This Week

Cloudburst Network provides network components used within Cloudburst projects. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-25699 HIGH This Week

There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Portal For Arcgis Arcgis Enterprise
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-31206 HIGH PATCH This Week

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-22053 HIGH This Week

A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Memory Corruption Connect Secure Policy Secure
NVD
CVSS 3.1
8.2
EPSS
3.5%
CVE-2024-3299 HIGH This Week

Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3298 HIGH This Week

Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26800 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26797 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26793 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Canonical Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26792 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26782 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-30263 HIGH This Week

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mozilla
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-30255 HIGH PATCH This Week

Envoy is a cloud-native, open source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2024-22052 HIGH This Week

A null pointer dereference vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Connect Secure Policy Secure
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2024-27268 HIGH This Week

IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-30250 HIGH PATCH This Week

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Astro Shield
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-28871 HIGH PATCH This Week

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libhtp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27919 HIGH PATCH This Week

Envoy is a cloud-native, open-source edge and service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
86.7%
CVE-2024-2759 HIGH This Week

Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27575 HIGH This Week

INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-31025 HIGH This Week

SQL Injection vulnerability in ECshop 4.x allows an attacker to obtain sensitive information via the file/article.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-29007 HIGH This Week

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cloudstack
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-25695 HIGH This Week

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-29167 HIGH This Week

SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-25007 HIGH This Week

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Ericsson RCE Information Disclosure Network Manager
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-26791 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26789 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-26258 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the. Rated high severity (CVSS 7.1). No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-2700 HIGH PATCH This Week

A vulnerability was found in the quarkus-core component. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy