Skip to main content
CVE-2024-4351 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Authentication Bypass SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
31.0%
CVE-2024-4352 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3% and no vendor patch available.

SQLi WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
23.3%
CVE-2024-4181 HIGH POC PATCH This Week

A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Command Injection RCE Llamaindex
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2024-3643 HIGH POC This Week

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Newsletter Popup
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3435 HIGH POC PATCH This Week

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Lollms Web Ui
NVD GitHub
CVSS 3.0
8.4
EPSS
0.8%
CVE-2024-3126 HIGH POC PATCH This Week

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection Lollms Web Ui
NVD GitHub
CVSS 3.0
8.4
EPSS
1.3%
CVE-2024-4956 HIGH POC THREAT This Week

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
18.2%
CVE-2024-34905 HIGH POC This Week

FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Flyfish
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-4322 HIGH POC THREAT This Week

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
31.0%
CVE-2024-4321 HIGH POC This Week

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chuanhuchatgpt
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-3848 HIGH POC PATCH THREAT This Week

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
43.3%
CVE-2024-3403 HIGH POC This Week

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Path Traversal File Upload Privategpt
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2024-4318 HIGH PATCH This Week

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3750 HIGH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-4609 HIGH This Week

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Factorytalk View
NVD
CVSS 4.0
8.8
EPSS
0.7%
CVE-2024-27260 HIGH This Week

IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation IBM Vios Aix
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-4838 HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-21813 HIGH This Week

Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2024-30060 HIGH This Week

Azure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Monitor Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21864 HIGH This Week

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21861 HIGH This Week

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Graphics Performance Analyzers Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21835 HIGH This Week

Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Extreme Tuning Utility
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21831 HIGH This Week

Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Processor Diagnostic Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21788 HIGH This Week

Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Graphics Performance Analyzers
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21772 HIGH This Week

Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor Oneapi Base Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1417 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-20389 HIGH This Week

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Crosswork Network Services Orchestrator Confd Basic
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20326 HIGH This Week

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Confd Basic Confd Premium Crosswork Network Services Orchestrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30314 HIGH This Week

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-30292 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30291 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30290 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30289 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Stack Overflow RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30288 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Adobe RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30307 HIGH This Week

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30297 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30296 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30295 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30294 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30293 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30282 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30275 HIGH This Week

Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30274 HIGH This Week

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20792 HIGH This Week

Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20791 HIGH This Week

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-4733 HIGH This Week

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-24981 HIGH This Week

Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23980 HIGH This Week

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Buffer Overflow Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23487 HIGH This Week

Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-22382 HIGH This Week

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy