Skip to main content
CVE-2024-4680 HIGH POC This Week

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Zenml
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35693 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list.14.33. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
7.3%
CVE-2024-35694 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.App: from n/a through <= 11.41. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
7.2%
CVE-2024-3668 HIGH This Week

The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Powerpack Addons For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35678 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Contact Form To Db
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35689 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Analytify.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Analytify Google Analytics Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35750 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35736 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Visualizer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5091 HIGH This Week

The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Skt Addons For Elementor Elementor
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-37408 HIGH This Week

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-35679 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP GiveWP give.12.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy