Skip to main content
CVE-2024-37570 HIGH POC This Week

On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37569 HIGH POC This Week

An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection 6869I Sip Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-5585 HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-30464 HIGH POC This Week

Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.2.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Social Icons Widget
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-5389 HIGH POC This Week

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datasets not owned by their. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37568 HIGH POC PATCH This Week

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Authlib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35662 HIGH This Week

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Simple Cod Fees For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32081 HIGH This Week

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.05. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Websupporter Filter Custom Fields Taxonomies Light
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31304 HIGH This Week

Missing Authorization vulnerability in MultiVendorX WC Marketplace.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Multivendorx
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-32713 HIGH This Week

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ai Post Generator Autowriter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31423 HIGH This Week

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).6.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Accessibility Helper
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31350 HIGH This Week

Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Awp Classifieds
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32714 HIGH This Week

Missing Authorization vulnerability in Academy LMS academy.9.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academy Lms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32818 HIGH This Week

Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35669 HIGH This Week

Missing Authorization vulnerability in Bowo Debug Log Manager.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Debug Log Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34435 HIGH This Week

Missing Authorization vulnerability in CodeRevolution Aiomatic.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aiomatic
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-33563 HIGH This Week

Missing Authorization vulnerability in 8theme XStore.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xstore
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-33555 HIGH This Week

Missing Authorization vulnerability in 8theme XStore Core.3.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xstore Core
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-33547 HIGH This Week

Missing Authorization vulnerability in AA-Team WZone.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wzone
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31267 HIGH This Week

Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Flexible Checkout Fields
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31252 HIGH This Week

Missing Authorization vulnerability in dFactory Responsive Lightbox.4.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Responsive Lightbox Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-31248 HIGH This Week

Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass All In One Video Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30517 HIGH This Week

Missing Authorization vulnerability in Sliced Invoices.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sliced Invoices
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30515 HIGH This Week

Missing Authorization vulnerability in Pixelite Events Manager.4.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Events Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30485 HIGH This Week

Missing Authorization vulnerability in XLPlugins Finale Lite.18.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Finale
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-30481 HIGH This Week

Broken Access Control vulnerability in Samuel Marshall JCH Optimize.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jch Optimize
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30470 HIGH This Week

Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.33.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Account Funds
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30467 HIGH This Week

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.4.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Essential Blocks
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30466 HIGH This Week

Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Multilingual Multicurrency
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30465 HIGH This Week

Missing Authorization vulnerability in Pagelayer Team PageLayer.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pagelayer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-25092 HIGH This Week

Missing Authorization vulnerability in XLPlugins NextMove Lite.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextmove
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31294 HIGH This Week

Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Sort Order
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31098 HIGH This Week

Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress New Order Notification For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-30537 HIGH This Week

Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpc Badge Management For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32703 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-32778 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.3.4. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-32715 HIGH This Week

A vulnerability in olivethemes Olive One Click Demo Import olive-one-click-demo-import.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-32777 HIGH This Week

Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.3.39. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33565 HIGH This Week

Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Barcode Scanner And Inventory Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33543 HIGH This Week

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31244 HIGH This Week

Missing Authorization vulnerability in Bricksforge.0.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bricksforge
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31243 HIGH This Week

Missing Authorization vulnerability in Bricksforge.0.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bricksforge
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32705 HIGH This Week

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-32704 HIGH This Week

Missing Authorization vulnerability in reputeinfosystems ARForms arforms.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy