Skip to main content
CVE-2024-4442 CRITICAL PATCH Act Now

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.7%.

PHP RCE WordPress Path Traversal Salon Booking System
NVD
CVSS 3.1
9.1
EPSS
33.7%
CVE-2024-21683 HIGH POC THREAT Act Now

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server +5
NVD
CVSS 3.1
8.8
EPSS
88.3%
CVE-2024-35056 CRITICAL POC Act Now

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ait Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31989 CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-35060 HIGH POC This Week

An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Ait Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-35059 HIGH POC This Week

An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Ait Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35058 HIGH POC This Week

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Ait Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35057 HIGH POC This Week

An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Ait Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-36052 HIGH POC This Week

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Winrar
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-35386 HIGH POC This Week

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mjs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-35061 HIGH POC This Week

NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Ait Core
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-33529 HIGH POC PATCH This Week

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Ilias
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-33526 HIGH POC PATCH This Week

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Ilias
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-4290 HIGH POC This Week

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sailthru Triggermail
NVD WPScan
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-4154 MEDIUM POC This Month

In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31840 MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Embrace
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-34240 MEDIUM POC This Month

QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Smart School
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31847 MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Embrace
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4289 MEDIUM POC This Month

The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sailthru Triggermail
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2189 MEDIUM POC This Month

The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Icons Widget
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-35361 CRITICAL Act Now

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35384 MEDIUM POC This Month

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-33527 MEDIUM POC PATCH This Month

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Ilias
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-4372 MEDIUM POC This Month

The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-31845 MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Embrace
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-31844 MEDIUM POC This Month

An issue was discovered in Italtel Embrace 1.6.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Embrace
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27130 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
38.1%
CVE-2024-27129 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27128 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27127 HIGH This Week

A double free vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4061 MEDIUM POC This Month

The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-33528 MEDIUM POC PATCH This Month

A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Ilias
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-5040 HIGH This Week

There are multiple ways in LCDS LAquis SCADA for an attacker to access locations outside of their own directory. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-35385 MEDIUM POC This Month

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Mjs
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-21902 HIGH This Week

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qnap Qts Quts Hero
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-47254 HIGH PATCH This Week

A use-after-free vulnerability exists in the GFS2 filesystem implementation of the Linux kernel, specifically in the gfs2_glock_shrink_scan function. The vulnerability affects multiple Linux kernel versions ranging from 4.4 through 5.13-rc2, allowing local attackers with low privileges to potentially achieve arbitrary code execution, information disclosure, or system crashes. With an EPSS score of only 0.02%, this vulnerability has a very low probability of real-world exploitation despite its high CVSS score of 7.8.

Linux Use After Free Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-31756 HIGH This Week

An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31757 HIGH This Week

An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-22273 HIGH This Week

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Denial Of Service Cloud Foundation +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4988 HIGH This Week

The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4435 HIGH PATCH This Week

When storing unbounded types in a BTreeMap, a node is represented as a linked list of "memory chunks". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Stable Structures
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-35220 HIGH PATCH This Week

@fastify/session is a session plugin for fastify. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-25724 HIGH This Week

In RTI Connext Professional 5.3.1 through 6.1.0 before 6.1.1, a buffer overflow in XML parsing from Routing Service, Recording Service, Queuing Service, and Cloud Discovery Service allows attackers. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-22274 HIGH This Week

The vCenter Server contains an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2024-4566 HIGH PATCH This Week

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Shoplentor
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-4420 MEDIUM PATCH This Month

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Tink C
NVD GitHub
CVSS 4.0
6.8
EPSS
0.2%
CVE-2024-4695 MEDIUM PATCH This Month

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Move Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4619 MEDIUM This Month

The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘hover_animation’ parameter in versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Website Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4700 MEDIUM This Month

The WP Table Builder - WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wp Table Builder
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4553 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD
CVSS 3.1
6.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy