Skip to main content
CVE-2024-3136 CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2024-1813 CRITICAL Act Now

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Simple Job Board
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2024-24576 CRITICAL Act Now

Rust is a programming language. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Fedora Rust
NVD GitHub
CVSS 3.1
10.0
EPSS
20.3%
CVE-2024-2804 CRITICAL Act Now

The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31866 CRITICAL PATCH Act Now

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Zeppelin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-31864 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Apache RCE Zeppelin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2224 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2223 CRITICAL Act Now

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.0.5.200089 Bitdefender. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Endpoint Security Gravityzone Control Center
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29990 CRITICAL Act Now

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Kubernetes Microsoft Azure Kubernetes Service Confidential Containers
NVD
CVSS 3.1
9.0
EPSS
18.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy