Skip to main content
CVE-2024-4443 CRITICAL POC PATCH THREAT Act Now

The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

SQLi WordPress Business Directory
NVD
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
CVE-2024-3495 CRITICAL POC THREAT Emergency

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.4%.

SQLi WordPress
NVD
CVSS 3.1
9.8
EPSS
93.4%
Threat
6.3
CVE-2024-4267 CRITICAL POC Act Now

A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Lollms Webui
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-35409 CRITICAL POC Act Now

WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Webid
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5147 CRITICAL PATCH Act Now

The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33226 CRITICAL Act Now

An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-29849 CRITICAL Act Now

Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.0
9.8
EPSS
16.7%
CVE-2024-25738 CRITICAL PATCH Act Now

A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy