Skip to main content
CVE-2024-3594 HIGH POC This Week

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Idonate
NVD WPScan
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-4978 HIGH POC KEV THREAT This Week

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Javs Viewer
NVD
CVSS 4.0
8.7
EPSS
26.9%
CVE-2024-34936 HIGH POC This Week

A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-4835 HIGH POC This Week

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-34928 HIGH POC This Week

A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-4662 HIGH This Week

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection WordPress
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-5085 HIGH PATCH This Week

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Information Disclosure Hash Form
NVD
CVSS 3.1
8.1
EPSS
4.4%
CVE-2024-4779 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5299 HIGH This Week

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2024-5298 HIGH This Week

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2024-5297 HIGH This Week

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2024-5295 HIGH This Week

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE G416 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-5293 HIGH This Week

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir 2640 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2024-5291 HIGH This Week

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dir 2150 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2024-5247 HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
26.9%
CVE-2024-5246 HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache Netgear Prosafe Network Management Software 300
NVD
CVSS 3.1
8.8
EPSS
31.3%
CVE-2024-5201 HIGH This Week

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35083 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34060 HIGH This Week

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-35186 HIGH PATCH This Week

gitoxide is a pure Rust implementation of Git. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-4347 HIGH This Week

The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal
NVD
CVSS 3.1
7.2
EPSS
5.5%
CVE-2024-35090 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysUreportFileMapper.xml. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-26139 HIGH PATCH This Week

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-4471 HIGH This Week

The 140+ Widgets | Best Addons For Elementor - FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-5292 HIGH This Week

D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation D-Link RCE Network Assistant
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-5245 HIGH This Week

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-30280 HIGH This Week

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
6.6%
CVE-2024-30279 HIGH This Week

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe RCE Memory Corruption Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
5.9%
CVE-2024-36012 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5202 HIGH This Week

Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-2038 HIGH This Week

The Visual Website Collaboration, Feedback & Project Management - Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2301 HIGH This Week

Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP XSS Cz181A Firmware Cz182A Firmware Cz187A Firmware +11
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-5243 HIGH This Week

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5242 HIGH This Week

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link RCE Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5228 HIGH This Week

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5227 HIGH This Week

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

TP-Link Command Injection RCE Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-35081 HIGH This Week

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Luckyframeweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-4388 HIGH This Week

This does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy