Skip to main content
CVE-2024-4295 CRITICAL POC PATCH THREAT Act Now

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.9%.

SQLi WordPress Email Subscribers Newsletters
NVD
CVSS 3.1
9.8
EPSS
92.9%
Threat
6.2
CVE-2024-5262 CRITICAL PATCH Act Now

Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Interactsh
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-5526 CRITICAL Act Now

Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Grafana Oncall
NVD
CVSS 3.1
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy