Skip to main content
CVE-2024-4358 CRITICAL POC KEV THREAT Emergency

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Report Server 2024
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.5%
CVE-2024-3050 CRITICAL POC Act Now

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Site Reviews
NVD WPScan
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-3412 CRITICAL Act Now

The WP STAGING WordPress Backup Plugin - Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
9.1
EPSS
9.0%
CVE-2024-5150 CRITICAL Act Now

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36470 CRITICAL Act Now

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy