Skip to main content
CVE-2024-4271 MEDIUM POC This Month

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Svgator
NVD WPScan
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-3993 MEDIUM POC This Month

The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Azan
NVD WPScan
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-2218 MEDIUM POC This Month

The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Luckywp Table Of Contents
NVD WPScan
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-4404 HIGH This Week

The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Elementskit
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-37369 HIGH This Week

A privilege escalation vulnerability exists in the affected product. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Factorytalk View
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-36459 HIGH This Week

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-27169 HIGH This Week

Toshiba printers provides API without authentication for internal access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-5659 HIGH This Week

Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Controllogix 5580 Firmware Guardlogix 5580 Firmware 1756 En4 Firmware +3
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-4751 MEDIUM POC This Month

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Prayer
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3972 MEDIUM POC This Month

The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Similarity
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-3971 MEDIUM POC This Month

The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Similarity
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-37368 HIGH This Week

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Factorytalk View
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-37367 HIGH This Week

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Factorytalk View
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-36598 HIGH This Week

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE File Upload
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-37882 HIGH PATCH This Week

Nextcloud Server is a self hosted personal cloud system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-34694 HIGH PATCH This Week

LNbits is a Lightning wallet and accounts system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-5685 HIGH PATCH This Week

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.6.17 through v6.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Snipe It
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-37885 HIGH PATCH This Week

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Nextcloud RCE Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3498 HIGH This Week

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27165 HIGH This Week

Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27155 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-5551 HIGH PATCH This Week

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Wp Staging
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37313 HIGH PATCH This Week

Nextcloud server is a self hosted personal cloud system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-2122 MEDIUM PATCH This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Foogallery
NVD
CVSS 3.1
6.4
EPSS
5.1%
CVE-2024-27171 HIGH This Week

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation RCE Python
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-27170 HIGH This Week

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27167 HIGH This Week

Toshiba printers use Sendmail to send emails to recipients. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27166 HIGH This Week

Coredump binaries in Toshiba printers have incorrect permissions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27158 HIGH This Week

All the Toshiba printers share the same hardcoded root password. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27153 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27152 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27151 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-27150 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27149 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27148 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-27147 HIGH This Week

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-1094 HIGH This Week

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-31163 HIGH This Week

ASUS Download Master has a buffer overflow vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-31162 HIGH This Week

The specific function parameter of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-31161 HIGH This Week

The upload functionality of ASUS Download Master does not properly filter user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Download Master
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-27178 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-27177 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-27176 HIGH This Week

An attacker can get Remote Code Execution by overwriting files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-3079 HIGH This Week

Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-27168 HIGH This Week

It appears that some hardcoded keys are used for authentication to internal API. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-27164 HIGH This Week

Toshiba printers contain hardcoded credentials. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-6003 MEDIUM This Month

A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-5731 MEDIUM This Month

A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-27157 MEDIUM This Month

The sessions are stored in clear-text logs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-27156 MEDIUM This Month

The session cookies, used for authentication, are stored in clear-text logs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy