Skip to main content
CVE-2024-36790 HIGH POC This Week

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36787 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-36792 HIGH POC This Week

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-36789 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-1694 HIGH POC This Week

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Updater
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-4887 HIGH PATCH Act Now

The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 18.1%.

PHP LFI Information Disclosure RCE WordPress +2
NVD
CVSS 3.1
7.5
EPSS
18.1%
CVE-2024-0444 HIGH PATCH This Week

A stack-based buffer overflow vulnerability exists in GStreamer's AV1 video parsing functionality that allows remote attackers to execute arbitrary code when processing specially crafted AV1-encoded video files. The vulnerability affects all versions of GStreamer prior to the patched release and requires user interaction to exploit, such as opening a malicious video file. With a CVSS score of 8.8 and patches available since the disclosure, this represents a high-severity issue for applications using GStreamer for video processing.

RCE Buffer Overflow Gstreamer
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2024-5637 HIGH PATCH This Week

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Path Traversal Market Exporter
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2024-32502 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Samsung Memory Corruption Exynos 1080 Firmware +7
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-5599 HIGH PATCH This Week

The FileOrganizer - Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Fileorganizer
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-31959 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Exynos 2200 Firmware Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31958 HIGH This Week

An issue was discovered in Samsung Mobile Processor EExynos 2200, Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 2200 Firmware Exynos 1480 Firmware Exynos 2400 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-32503 HIGH This Week

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Samsung Memory Corruption Exynos 850 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4610 HIGH KEV THREAT This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Bifrost Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-5542 HIGH PATCH This Week

The Master Addons - Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Master Addons
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2024-36827 HIGH PATCH This Week

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Ebookmeta
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-37163 HIGH This Week

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skyscraper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-4902 HIGH PATCH This Week

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-30162 HIGH This Week

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy