Skip to main content
CVE-2024-4922 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Image Stack Website 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Image Stack Website
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-4921 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4919 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Examination System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Examination System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-35187 CRITICAL Act Now

Stalwart Mail Server is an open-source mail server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-4318 HIGH PATCH This Week

The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3750 HIGH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-4609 HIGH This Week

A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Factorytalk View
NVD
CVSS 4.0
8.8
EPSS
0.7%
CVE-2024-3644 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-27260 HIGH This Week

IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation IBM Vios Aix
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-4838 HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-21813 HIGH This Week

Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Information Disclosure
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2024-30060 HIGH This Week

Azure Monitor Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Azure Monitor Agent
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21864 HIGH This Week

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21861 HIGH This Week

Uncontrolled search path in some Intel(R) GPA Framework software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Graphics Performance Analyzers Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21835 HIGH This Week

Insecure inherited permissions in some Intel(R) XTU software before version 7.14.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Extreme Tuning Utility
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21831 HIGH This Week

Uncontrolled search path in some Intel(R) Processor Diagnostic Tool software before version 4.1.9.41 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Processor Diagnostic Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21788 HIGH This Week

Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Graphics Performance Analyzers
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21772 HIGH This Week

Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Advisor Oneapi Base Toolkit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1417 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-35039 LOW POC Monitor

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2024-20389 HIGH This Week

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Crosswork Network Services Orchestrator Confd Basic
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20326 HIGH This Week

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Confd Basic Confd Premium Crosswork Network Services Orchestrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30314 HIGH This Week

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-30292 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30291 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30290 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30289 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Stack Overflow RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30288 HIGH This Week

Adobe Framemaker versions 2020.5, 2022.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Adobe RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30307 HIGH This Week

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30297 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30296 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30295 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference RCE Denial Of Service Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30294 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30293 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30282 HIGH This Week

Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Animate
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30275 HIGH This Week

Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30274 HIGH This Week

Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20792 HIGH This Week

Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Denial Of Service Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20791 HIGH This Week

Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-4733 HIGH This Week

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-24981 HIGH This Week

Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23980 HIGH This Week

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Buffer Overflow Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-23487 HIGH This Week

Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-22382 HIGH This Week

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-21823 HIGH This Week

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-3286 HIGH This Week

A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lenovo
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31142 HIGH PATCH This Week

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Buffer Overflow Xen Fedora
NVD
CVSS 3.1
7.5
EPSS
17.4%
CVE-2024-35299 HIGH This Week

In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-4844 HIGH This Week

Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-4222 HIGH This Week

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Tutor Lms
NVD
CVSS 3.1
7.3
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy