Skip to main content
CVE-2024-4455 HIGH POC PATCH This Week

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Yith Woocommerce Ajax Search
NVD
CVSS 3.1
7.2
EPSS
8.2%
CVE-2024-35340 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1206 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2024-35395 HIGH This Week

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cp900L Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-35388 HIGH This Week

TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Nr1800x Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-0867 HIGH This Week

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress RCE Code Injection
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-35618 HIGH This Week

PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Tidb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33471 HIGH This Week

An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-5142 HIGH This Week

Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hubshare
NVD
CVSS 4.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy