Skip to main content
CVE-2024-28996 HIGH This Week

The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

SQLi Solarwinds Platform
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5000 HIGH This Week

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-20887 HIGH This Week

Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Buds Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-3555 HIGH This Week

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages(). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-30525 HIGH This Week

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.2.9. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Move Addons For Elementor
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-4870 HIGH This Week

The Frontend Registration - Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-34792 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.65. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dextaz Ping
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-35664 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.9.32. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-5422 HIGH This Week

An uncontrolled resource consumption of file descriptors in SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 allows DoS via HTTP.1.22 and below. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-20879 HIGH This Week

Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy