Skip to main content
CVE-2024-4442 CRITICAL PATCH Act Now

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.7%.

PHP RCE WordPress Path Traversal Salon Booking System
NVD
CVSS 3.1
9.1
EPSS
33.7%
CVE-2024-35056 CRITICAL POC Act Now

NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ait Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31989 CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Redis Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-35361 CRITICAL Act Now

MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy