Skip to main content
CVE-2024-32114 HIGH POC PATCH This Week

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Activemq
NVD
CVSS 3.1
8.8
EPSS
6.9%
CVE-2024-3476 HIGH POC This Week

The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Side Menu Lite
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3474 HIGH POC This Week

The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wow Skype Buttons
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-33303 HIGH POC This Week

SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Product Show Room Site
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-3475 HIGH POC This Week

The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Sticky Buttons
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-4033 HIGH This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2024-33911 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.3.4. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi School Management
NVD
CVSS 3.1
7.6
EPSS
7.9%
CVE-2024-3499 HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3500 HIGH This Week

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-1567 HIGH PATCH This Week

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload RCE Royal Elementor Addons +1
NVD
CVSS 3.1
8.2
EPSS
3.7%
CVE-2024-2661 HIGH This Week

The Barcode Scanner and Inventory manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3849 HIGH This Week

The Click to Chat - HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1797 HIGH PATCH This Week

The WP ULike - Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Ulike
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2831 HIGH This Week

The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2417 HIGH This Week

The User Registration - Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3895 HIGH PATCH This Week

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress Wp Datepicker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-4215 HIGH PATCH This Week

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-34145 HIGH PATCH This Week

A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Jenkins Script Security
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25047 HIGH PATCH This Week

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Code Injection Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-33396 HIGH This Week

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-34394 HIGH This Week

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Memory Corruption
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-34393 HIGH This Week

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Denial Of Service Memory Corruption
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-25290 HIGH This Week

An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-3715 HIGH This Week

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2024-30306 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Acrobat Dc +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-30305 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-30304 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-30303 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-30301 HIGH This Week

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-1897 HIGH This Week

The Grid Gallery - Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-29309 HIGH This Week

An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-6214 HIGH PATCH This Week

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Ht Mega
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-7064 HIGH This Week

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6961 HIGH PATCH This Week

The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Meta Seo
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-3045 HIGH PATCH This Week

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woocommerce Pdf Invoices Packing Slips
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2024-1896 HIGH This Week

The Photo Gallery - Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-4097 HIGH This Week

The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-33530 HIGH This Week

In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31964 HIGH This Week

A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3544 HIGH This Week

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Loadmaster
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-3543 HIGH This Week

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Loadmaster
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-30251 HIGH PATCH This Week

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Aiohttp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-23462 HIGH This Week

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-2082 HIGH PATCH This Week

The EleForms - All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Eleforms
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-1173 HIGH PATCH This Week

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Erp
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-3047 HIGH PATCH This Week

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Woocommerce Pdf Invoices Packing Slips
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-1945 HIGH This Week

The Contact Form, Survey & Popup Form Plugin for WordPress - ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy