Skip to main content
CVE-2024-27971 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 50.4% and no vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
8.3
EPSS
50.4%
CVE-2024-32523 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 35.5% and no vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
35.5%
CVE-2024-22120 HIGH POC THREAT This Week

Zabbix server can perform command execution for configured scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zabbix
NVD
CVSS 3.1
8.8
EPSS
76.6%
CVE-2024-22145 HIGH Act Now

Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.3% and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
19.3%
CVE-2024-34997 HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32507 HIGH This Week

Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.7.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-32959 HIGH This Week

Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-27955 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.92.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34058 HIGH This Week

The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-35854 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-35814 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-32960 HIGH This Week

Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.1.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32774 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33550 HIGH This Week

Improper Privilege Management vulnerability in JR King/Eran Schoellhorn WP Masquerade allows Privilege Escalation.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33549 HIGH This Week

Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-32680 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY - Products Filter for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31300 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appscreo Easy Social Share Buttons allows PHP Local File Inclusion.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-27407 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr(). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-3292 HIGH This Week

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-3290 HIGH This Week

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-32692 HIGH This Week

Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.9. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-24934 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Elementor Elementor Website Builder allows Manipulating Web Input to File System Calls.19.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Website Builder
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-31232 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.6.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-35789 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-3291 HIGH This Week

When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-3289 HIGH This Week

When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35856 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Mediatek Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35855 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35847 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35792 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35791 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27433 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Mediatek Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5055 HIGH This Week

Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27405 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Microsoft Linux Kernel +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-5052 HIGH This Week

Denial of Service (DoS) vulnerability for Cerberus Enterprise 8.0.10.3 web administration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32830 HIGH PATCH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Path Traversal Buddyforms
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-32131 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in W3 Eden Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Download Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31237 HIGH This Week

Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30527 HIGH This Week

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.3.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-24869 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldGrid Total Upkeep allows Relative Path Traversal.15.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Total Upkeep
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-35313 HIGH PATCH This Week

In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-34370 HIGH This Week

Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.8.9. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Ean For Woocommerce
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-33569 HIGH This Week

Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-52682 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-35849 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-35785 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34752 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.5.1.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy