Skip to main content
CVE-2024-30163 CRITICAL POC Act Now

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Invisioncommunity
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-36673 CRITICAL POC Act Now

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Medical Store Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4620 CRITICAL POC Act Now

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Arforms
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-36790 HIGH POC This Week

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36787 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-36792 HIGH POC This Week

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-36789 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-1694 HIGH POC This Week

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Updater
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-4887 HIGH PATCH Act Now

The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 18.1%.

PHP LFI Information Disclosure RCE WordPress +2
NVD
CVSS 3.1
7.5
EPSS
18.1%
CVE-2024-5745 MEDIUM POC This Month

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bakery Online Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-5733 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Discussion Forum
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-5732 MEDIUM POC This Month

A vulnerability was found in Clash up to 0.20.1 on Windows. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Clash
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-37383 MEDIUM POC KEV PATCH THREAT This Month

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webmail Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
73.3%
CVE-2024-3592 CRITICAL PATCH Act Now

The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Quiz And Survey Master
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-37385 CRITICAL PATCH Act Now

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Microsoft Webmail
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-0444 HIGH PATCH This Week

A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1-encoded video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-severity issue for applications using GStreamer for video processing.

RCE Buffer Overflow Gstreamer
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2024-5003 MEDIUM POC This Month

The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wp Stacker
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4756 MEDIUM POC This Month

The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Backpack
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5734 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-37388 CRITICAL PATCH Act Now

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Ebookmeta
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-36788 MEDIUM POC This Month

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-36773 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Monstra
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-37160 MEDIUM POC PATCH This Month

Formwork is a flat file-based Content Management System (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Formwork
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-4621 MEDIUM POC This Month

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arforms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5637 HIGH PATCH This Week

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Path Traversal Market Exporter
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2024-32502 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Samsung Memory Corruption Exynos 1080 Firmware +7
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-5599 HIGH PATCH This Week

The FileOrganizer - Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Fileorganizer
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-31959 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Exynos 2200 Firmware Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31958 HIGH This Week

An issue was discovered in Samsung Mobile Processor EExynos 2200, Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 2200 Firmware Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32503 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Samsung Memory Corruption Exynos 850 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4610 HIGH KEV THREAT This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Bifrost Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-5542 HIGH PATCH This Week

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Master Addons
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2024-36827 HIGH PATCH This Week

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Ebookmeta
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37163 HIGH This Week

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skyscraper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-4902 HIGH PATCH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-30162 HIGH This Week

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-5481 MEDIUM PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Path Traversal WordPress Photo Gallery
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2024-4354 MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-5382 MEDIUM PATCH This Month

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Master Addons
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-36082 MEDIUM This Month

SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Music Store
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4703 MEDIUM PATCH This Month

The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's one_page_express_contact_form shortcode in all versions up to, and including, 1.6.37. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress One Page Express Companion
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5425 MEDIUM PATCH This Month

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Lightbox
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5645 MEDIUM PATCH This Month

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_css_id’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Envo Extra
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5426 MEDIUM PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Photo Gallery
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5640 MEDIUM PATCH This Month

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Prime Slider
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4489 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 1.3.976 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4488 MEDIUM PATCH This Month

The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inline_list’ parameter in versions up to, and including, 1.3.976 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-4451 MEDIUM PATCH This Month

The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Colibri Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4042 MEDIUM PATCH This Month

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Comboblocks
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5612 MEDIUM This Month

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy