Skip to main content
CVE-2024-4295 CRITICAL POC PATCH THREAT Act Now

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.9%.

SQLi WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
9.8
EPSS
92.9%
Threat
6.2
CVE-2024-36670 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36669 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36668 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36667 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-3469 MEDIUM POC THREAT This Month

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

WordPress XSS Generatepress
NVD
CVSS 3.1
6.1
EPSS
12.0%
CVE-2024-36129 HIGH POC PATCH This Week

The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Configgrpc Confighttp Opentelemetry Collector
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-36837 HIGH POC This Week

SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crmeb
NVD GitHub
CVSS 3.1
7.5
EPSS
8.3%
CVE-2024-4084 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Anythingllm
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5483 MEDIUM POC This Month

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Learnpress
NVD
CVSS 3.1
5.3
EPSS
5.5%
CVE-2024-20404 MEDIUM POC THREAT This Month

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Cisco Finesse
NVD
CVSS 3.1
5.3
EPSS
21.7%
CVE-2024-5262 CRITICAL PATCH Act Now

Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Interactsh
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-5636 MEDIUM POC This Month

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bakery Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-5526 CRITICAL Act Now

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Grafana Oncall
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-23669 HIGH This Week

An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwebmanager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4743 HIGH PATCH This Week

The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Lifterlms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5184 HIGH This Week

The EmailGPT service contains a prompt injection vulnerability. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Emailgpt
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-4886 MEDIUM POC This Month

The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buddyboss Platform
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5629 HIGH PATCH This Week

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Buffer Overflow Information Disclosure Pymongo Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-27379 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27377 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27376 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27375 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27374 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27373 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27372 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27371 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27370 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1662 HIGH This Week

Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Powerbank
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-2087 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-1272 HIGH This Week

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.251.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cockpit
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-28818 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Exynos 980 Firmware Exynos 990 Firmware Exynos 1080 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5037 HIGH PATCH This Week

A flaw was found in OpenShift's Telemeter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Openshift Container Platform Openshift Distributed Tracing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-3667 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-4009 HIGH This Week

Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-4008 HIGH This Week

FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure 2Tma310010B0001 Firmware 2Tma310011B0001 Firmware 2Tma310011B0002 Firmware +2
NVD
CVSS 4.0
7.3
EPSS
0.3%
CVE-2024-1940 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Brizy
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27382 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-27378 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-5653 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5.aspx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-5149 MEDIUM This Month

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Buddyforms
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-5317 MEDIUM PATCH This Month

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Newsletter
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-34055 MEDIUM PATCH This Month

Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Cyrus Imap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-5439 MEDIUM PATCH This Month

The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Blocksy
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4001 MEDIUM PATCH This Month

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Download Manager
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5006 MEDIUM PATCH This Month

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ parameter in all versions up to, and including, 1.3.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Boostify Header Footer Builder For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5571 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Google Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4821 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5222 MEDIUM PATCH This Month

The Responsive Addons - Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Responsive Addons
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5536 MEDIUM PATCH This Month

The GamiPress - Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Gamipress Link
NVD
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy