Skip to main content
CVE-2024-4898 CRITICAL POC PATCH THREAT Act Now

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.1%.

Authentication Bypass WordPress Instawp Connect
NVD
CVSS 3.1
9.8
EPSS
90.1%
Threat
6.2
CVE-2024-36761 CRITICAL POC Act Now

naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Wgpu Naga
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37665 HIGH POC This Week

An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Gb28181
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-34065 HIGH POC PATCH This Week

Strapi is an open-source content management system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Strapi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-36263 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apache Submarine
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-5211 HIGH POC PATCH This Week

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-5897 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-5896 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5894 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-36523 MEDIUM POC This Month

An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gb28181
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31217 MEDIUM POC PATCH This Month

Strapi is an open-source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Strapi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-0427 MEDIUM POC This Month

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Arforms
NVD WPScan
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-37629 MEDIUM POC This Month

SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Summernote
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-4924 MEDIUM POC This Month

The Social Sharing Plugin WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sassy Social Share
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-36265 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Submarine
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37036 CRITICAL Act Now

when sending a malformed POST request and particular configuration parameters are set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Buffer Overflow Memory Corruption Sage Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36264 CRITICAL PATCH Act Now

** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22855 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Imlog
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5898 MEDIUM POC This Month

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5895 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0.php?f=delete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5893 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Cab Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cab Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-1659 CRITICAL Act Now

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication.10. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Megabip
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-1577 CRITICAL Act Now

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Megabip
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-1576 CRITICAL Act Now

SQL Injection vulnerability in MegaBIP software allows attacker to obtain site administrator privileges, including access to the administration panel and the ability to change the administrator. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Megabip
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-36840 CRITICAL Act Now

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE
NVD VulDB
CVSS 3.1
9.1
EPSS
2.2%
CVE-2024-4315 CRITICAL PATCH Act Now

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 3.0
9.1
EPSS
1.0%
CVE-2024-4845 HIGH PATCH This Week

The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Icegram Express
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37038 HIGH PATCH This Week

user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Sage Rtu Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-25949 HIGH PATCH This Week

Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Networking Os10
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2698 HIGH This Week

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Freeipa
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3468 HIGH This Week

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-5543 HIGH This Week

The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37040 HIGH PATCH This Week

exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Sage Rtu Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37037 HIGH PATCH This Week

Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sage Rtu Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-37300 HIGH PATCH This Week

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-5154 HIGH PATCH This Week

A flaw was found in cri-o. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cri O Openshift Container Platform
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-3183 HIGH This Week

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux Tus +1
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2024-2747 HIGH This Week

cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Easergy Studio
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0865 HIGH This Week

escalation when logged in as a non-administrative user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure It Gateway
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28964 HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell Common Event Enabler
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-36856 HIGH This Week

RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-5798 HIGH PATCH This Week

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5560 HIGH PATCH This Week

device’s web interface when an attacker sends a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Sage Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-37039 HIGH PATCH This Week

device when an attacker sends a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sage Rtu Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-29181 LOW POC PATCH Monitor

Strapi is an open-source content management system. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Strapi
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-3467 HIGH This Week

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Pi Asset Framework Client
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-5674 MEDIUM This Month

The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Authentication Bypass Newsletter
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2024-5559 MEDIUM This Month

cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Powerlogic P5 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-5909 MEDIUM This Month

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-0160 MEDIUM This Month

Dell Client Platform contains an incorrect authorization vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Xps 17 9700 Firmware Xps 15 9500 Firmware Vostro 7500 Firmware +12
NVD
CVSS 3.1
6.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy