Skip to main content
CVE-2024-4358 CRITICAL POC KEV THREAT Emergency

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Report Server 2024
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.5%
CVE-2024-3050 CRITICAL POC Act Now

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Site Reviews
NVD WPScan
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-35434 HIGH POC This Week

Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Sngrep
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3412 CRITICAL Act Now

The WP STAGING WordPress Backup Plugin - Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
9.1
EPSS
9.0%
CVE-2024-5150 CRITICAL Act Now

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-6743 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Ssti RCE WordPress Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2024-36470 CRITICAL Act Now

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5437 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5204 HIGH This Week

The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-3937 MEDIUM POC This Month

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Playlist For Youtube
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3921 MEDIUM POC This Month

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gianism
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-36114 HIGH PATCH This Week

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Information Disclosure
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-4611 HIGH PATCH This Week

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

PHP Information Disclosure WordPress OpenSSL Apppresser
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2024-35333 HIGH This Week

A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-5185 HIGH This Week

The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-21512 HIGH PATCH This Week

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
3.1%
CVE-2024-36427 HIGH This Week

The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 - June) allows authenticated attackers to read or write to server files via a crafted file request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-36377 HIGH This Week

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-36376 HIGH This Week

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-36365 HIGH This Week

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-28826 HIGH This Week

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-36015 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36016 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-35492 HIGH This Week

Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36378 HIGH This Week

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34715 LOW POC PATCH Monitor

Fides is an open-source privacy engineering platform. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure PostgreSQL Fides
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-25977 HIGH This Week

The application does not change the session token when using the login or logout functionality. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Session Fixation
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-28974 MEDIUM This Month

Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Protection Advisor Dp4400 Firmware Dp5900 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-36364 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-36362 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25975 MEDIUM This Month

The application implements an up- and downvote function which alters a value within a JSON file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5086 MEDIUM This Month

The Essential Addons for Elementor PRO - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5039 MEDIUM PATCH This Month

The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-35283 MEDIUM This Month

A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Micontact Center Business
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36372 MEDIUM This Month

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36367 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36366 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25976 MEDIUM This Month

When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-36014 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35284 MEDIUM This Month

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Micontact Center Business
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36374 MEDIUM This Month

In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36373 MEDIUM This Month

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36371 MEDIUM This Month

In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36370 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36369 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36368 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-36363 MEDIUM This Month

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-0434 MEDIUM This Month

The WordPress Tour & Travel Booking Plugin for WooCommerce - WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-35512 MEDIUM This Month

hmq v1.5.5 is vulnerable to Denial of Service (DoS) due to a Null Pointer Exception. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-36375 MEDIUM This Month

In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy