Skip to main content
CVE-2024-3217 HIGH PATCH Act Now

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value' and 'attribute_id' parameters in all versions up to, and including, 1.3.0 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 47.2%.

SQLi WordPress Wp Directory Kit
NVD VulDB
CVSS 3.1
8.8
EPSS
47.2%
CVE-2024-30891 HIGH POC This Week

A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac18 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-31851 HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
8.6
EPSS
2.9%
CVE-2024-31850 HIGH POC This Week

A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java
NVD
CVSS 3.1
8.6
EPSS
3.0%
CVE-2024-3353 HIGH POC This Week

A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical.php. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Aplaya Beach Resort Online Reservation System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-2115 HIGH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Learnpress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6523 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-29672 HIGH This Week

Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-29749 HIGH This Week

In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-29746 HIGH This Week

In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-30977 HIGH This Week

An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-29752 HIGH This Week

In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29748 HIGH KEV THREAT This Week

there is a possible way to bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-29741 HIGH This Week

In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29863 HIGH This Week

A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-29753 HIGH This Week

In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-29743 HIGH This Week

In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-22004 HIGH This Week

Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and leak the secure memory from the Trusted Application. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nest Wifi Pro Firmware Nest Wifi Point Firmware Nest Wifi Router Firmware
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-27912 HIGH This Week

A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27911 HIGH This Week

A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0081 HIGH This Week

NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Ubuntu Nemo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-22363 HIGH This Week

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-29740 HIGH This Week

In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2024-29757 HIGH This Week

there is a possible permission bypass due to Debug certs being allowlisted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-31220 HIGH This Week

Sunshine is a self-hosted game stream host for Moonlight. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sunshine
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-6522 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy