Skip to main content
CVE-2024-32137 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin User Activity Log Pro.3.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-32125 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Booking Algorithms BA Book Everything.6.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ba Book Everything
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-22435 HIGH This Week

A potential security vulnerability has been identified in Web ViewPoint Enterprise software. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-1204 MEDIUM POC This Month

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Meta Box
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-3780 HIGH This Week

A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-29219 HIGH This Week

Out-of-bounds read vulnerability exists in KV STUDIO Ver.11.64 and earlier and KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Kv Replay Viewer Kv Studio +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28099 HIGH This Week

VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vt Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32488 HIGH This Week

In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32098 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.0.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-32087 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExportFeed.Com Product Feed on WooCommerce for Google.5.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Google SQLi Product Feed Pro For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-32132 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite.7.20. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-32135 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.51. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-32134 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-3493 HIGH This Week

A specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Controllogix 5580 Firmware Guardlogix 5580 Firmware Compactlogix 5380 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-30656 HIGH This Week

An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dream Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-2424 HIGH This Week

An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell 5015 Aenftxt Firmware
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-24485 HIGH This Week

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ds 600 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23911 HIGH This Week

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cente Ipv6 Cente Ipv6 Snmpv2 Cente Ipv6 Snmpv3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3775 HIGH This Week

aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A Hrd
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-29843 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29842 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29841 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29840 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29839 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-29838 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Evolution
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32104 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.18.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

CSRF Nextmove
NVD
CVSS 3.1
4.3
EPSS
15.1%
CVE-2024-22437 HIGH This Week

A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-2659 HIGH This Week

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Firmware +64
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-3778 HIGH This Week

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qbibot
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-32149 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Jobs for WordPress allows Reflected XSS.7.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Jobs For Wordpress
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32145 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PineWise WP Google Analytics Events allows Reflected XSS.8.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Wp Google Analytics Events
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32133 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Schuppenies EZ Form Calculator allows Reflected XSS.14.0.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ez Form Calculator
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32138 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Short URL allows Reflected XSS.6.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Short Url
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32082 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kamlesh Parmar Sync Post With Other Site sync-post-with-other-site allows Cross Site Request Forgery.9.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-31093 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kaloyan K. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-31086 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Change default login logo,url and title allows Cross-Site Scripting (XSS).0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-30545 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nick Powers Social Author Bio allows Stored XSS.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-22439 MEDIUM This Month

A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series products. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
6.9
EPSS
0.2%
CVE-2024-24487 MEDIUM This Month

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Ds 600 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-30219 MEDIUM This Month

Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mzk Mf300N Firmware Mzk Mf300Hp2 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-23593 MEDIUM This Month

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-3786 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-3785 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-3784 MEDIUM This Month

Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wbsairback
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-32079 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32147 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.1.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Contact Form
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32140 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in libsyn Libsyn Publisher Hub libsyn-podcasting.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32091 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tonjoo Sangar Slider.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-32036 MEDIUM PATCH This Month

ImageSharp is a 2D graphics API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagesharp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-32035 MEDIUM PATCH This Month

ImageSharp is a 2D graphics API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagesharp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy