Skip to main content
CVE-2024-2876 CRITICAL POC THREAT Emergency

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.3%.

SQLi WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
91.3%
Threat
6.2
CVE-2024-2667 CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

WordPress File Upload Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
90.7%
Threat
6.2
CVE-2024-34392 CRITICAL POC Act Now

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Memory Corruption Libxmljs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-34391 CRITICAL POC Act Now

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Memory Corruption Libxmljs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32962 CRITICAL PATCH Act Now

xml-crypto is an xml digital signature and encryption library for Node.js. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Jwt Attack Information Disclosure
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-3729 CRITICAL PATCH Act Now

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation PHP WordPress Authentication Bypass OpenSSL +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-34144 CRITICAL PATCH Act Now

A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jenkins Script Security
NVD
CVSS 3.1
9.8
EPSS
48.1%
CVE-2024-23459 CRITICAL Act Now

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3955 CRITICAL PATCH Act Now

URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-33913 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary File Upload in Xserver Migrator.6.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-4406 CRITICAL Act Now

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Xiaomi 13 Pro Firmware
NVD
CVSS 3.1
9.6
EPSS
2.2%
CVE-2024-4405 CRITICAL Act Now

Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Xiaomi 13 Pro Firmware
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2024-31967 CRITICAL Act Now

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-32971 CRITICAL PATCH Act Now

Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Redis Information Disclosure
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy