Skip to main content
CVE-2024-4577 CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP Microsoft Fedora
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-37570 HIGH POC This Week

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37569 HIGH POC This Week

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-5585 HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-30464 HIGH POC This Week

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.2.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Social Icons Widget
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-5389 HIGH POC This Week

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37568 HIGH POC PATCH This Week

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Authlib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5775 MEDIUM POC This Month

A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-5774 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Stock Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-2408 MEDIUM POC This Month

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure OpenSSL Microsoft Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2024-35661 CRITICAL Act Now

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upload Fields For Wpforms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-34802 CRITICAL Act Now

Missing Authorization vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt.Txt: from n/a through 1.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adfoxly
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-31284 CRITICAL Act Now

Missing Authorization vulnerability in WPDeveloper EmbedPress.9.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedpress
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31283 CRITICAL Act Now

Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Local Pickup For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31276 CRITICAL Act Now

Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Products Order Customers Export For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31275 CRITICAL Act Now

Missing Authorization vulnerability in Metagauss EventPrime.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eventprime
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31352 CRITICAL Act Now

Missing Authorization vulnerability in Email Subscribers & Newsletters.7.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Email Subscribers Newsletters
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-32799 CRITICAL Act Now

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Property Listings
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35660 CRITICAL Act Now

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.0.5.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Master Addons
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33561 CRITICAL Act Now

Missing Authorization vulnerability in 8theme XStore.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xstore
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33545 CRITICAL Act Now

Missing Authorization vulnerability in AA-Team WZone.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wzone
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31273 CRITICAL Act Now

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin.8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Js Help Desk
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30544 CRITICAL Act Now

Missing Authorization vulnerability in UPQODE Whizzy.1.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whizzy
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30539 CRITICAL Act Now

Missing Authorization vulnerability in Awesome Support Team Awesome Support.1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Awesome Support
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30538 CRITICAL Act Now

Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Delucks Seo
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-5458 MEDIUM POC THREAT This Month

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
12.1%
CVE-2024-5773 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-5772 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-30512 CRITICAL Act Now

Missing Authorization vulnerability in weForms.6.20. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Weforms
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-25929 CRITICAL Act Now

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.0.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Product Catalog Mode For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-35662 HIGH This Week

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Simple Cod Fees For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32081 HIGH This Week

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Websupporter Filter Custom Fields Taxonomies Light
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31304 HIGH This Week

Missing Authorization vulnerability in MultiVendorX WC Marketplace.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multivendorx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32713 HIGH This Week

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ai Post Generator Autowriter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31423 HIGH This Week

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).6.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Accessibility Helper
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31350 HIGH This Week

Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Awp Classifieds
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32714 HIGH This Week

Missing Authorization vulnerability in Academy LMS academy.9.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academy Lms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32818 HIGH This Week

Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35669 HIGH This Week

Missing Authorization vulnerability in Bowo Debug Log Manager.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Debug Log Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34435 HIGH This Week

Missing Authorization vulnerability in CodeRevolution Aiomatic.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aiomatic
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-33563 HIGH This Week

Missing Authorization vulnerability in 8theme XStore.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xstore
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-33555 HIGH This Week

Missing Authorization vulnerability in 8theme XStore Core.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xstore Core
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-33547 HIGH This Week

Missing Authorization vulnerability in AA-Team WZone.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wzone
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31267 HIGH This Week

Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Flexible Checkout Fields
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31252 HIGH This Week

Missing Authorization vulnerability in dFactory Responsive Lightbox.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Responsive Lightbox Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31248 HIGH This Week

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass All In One Video Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30517 HIGH This Week

Missing Authorization vulnerability in Sliced Invoices.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sliced Invoices
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30515 HIGH This Week

Missing Authorization vulnerability in Pixelite Events Manager.4.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Events Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30485 HIGH This Week

Missing Authorization vulnerability in XLPlugins Finale Lite.18.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Finale
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-30481 HIGH This Week

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jch Optimize
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy