Skip to main content
CVE-2023-40000 HIGH POC THREAT Act Now

Stored cross-site scripting in LiteSpeed Cache for WordPress (versions up to and including 5.7) allows remote unauthenticated attackers to inject persistent malicious scripts that execute in the context of any user - including administrators - visiting affected pages. Publicly available exploit code exists and EPSS scores this at 82.03% (99th percentile), indicating very high probability of opportunistic exploitation across the millions of WordPress sites running this plugin. No CISA KEV listing at time of analysis, but the combination of high EPSS, public POC, and massive install base makes this a priority for WordPress operators.

XSS Litespeed Cache
NVD GitHub
CVSS 3.1
8.3
EPSS
82.0%
Threat
5.6
CVE-2024-31759 HIGH POC This Week

An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Publiccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3878 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3877 HIGH POC This Week

A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-3876 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3875 HIGH POC This Week

A vulnerability was found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-32254 HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3571 HIGH POC PATCH This Week

langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure Langchain
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-1646 HIGH POC PATCH This Week

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Lollms Webui
NVD GitHub
CVSS 3.0
8.2
EPSS
0.7%
CVE-2024-32256 HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-1626 HIGH POC PATCH This Week

An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-1560 HIGH POC This Week

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mlflow
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-0549 HIGH POC PATCH This Week

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Anythingllm
NVD GitHub
CVSS 3.0
8.1
EPSS
0.8%
CVE-2024-3029 HIGH POC PATCH This Week

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-21111 HIGH POC This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Oracle Microsoft Vm Virtualbox
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2024-3574 HIGH POC PATCH This Week

In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Scrapy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-3572 HIGH POC PATCH This Week

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Denial Of Service Scrapy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-1738 HIGH POC PATCH This Week

An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1594 HIGH POC This Week

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mlflow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1593 HIGH POC This Week

A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Mlflow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1569 HIGH POC PATCH This Week

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lollms Webui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1561 HIGH POC PATCH This Week

An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gradio
NVD GitHub
CVSS 3.0
7.5
EPSS
9.2%
CVE-2024-1558 HIGH POC PATCH This Week

A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mlflow
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-1483 HIGH POC PATCH This Week

A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mlflow
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-3028 HIGH POC PATCH This Week

mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
0.8%
CVE-2024-1456 HIGH POC This Week

An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H2O
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2024-21115 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21114 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21113 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21112 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21067 HIGH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-3882 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-3881 HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-3880 HIGH This Week

A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.4%
CVE-2024-3879 HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-3874 HIGH This Week

A vulnerability was found in Tenda W20E 15.11.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W20e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3856 HIGH This Week

A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3854 HIGH This Week

In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-1961 HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE Java File Upload
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2024-25911 HIGH This Week

Missing Authorization vulnerability in Skymoon Labs MoveTo.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-45000 HIGH This Week

Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Litespeed Cache
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-21095 HIGH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-20999 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-21092 HIGH This Week

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-3865 HIGH This Week

Memory safety bugs present in Firefox 124. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-22262 HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-32631 HIGH This Week

Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Information Disclosure Asr3602 Firmware Asr3605 Firmware Asr3607 Firmware +10
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-21116 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-21103 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21059 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy