Skip to main content
CVE-2024-6132 HIGH Act Now

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.4% and no vendor patch available.

File Upload WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
40.4%
CVE-2024-36678 CRITICAL POC Act Now

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pk Themesettings
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36116 CRITICAL POC PATCH Act Now

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Reposilite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-5853 CRITICAL PATCH Act Now

The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.5%.

RCE WordPress File Upload Sirv
NVD
CVSS 3.1
9.9
EPSS
10.5%
CVE-2024-3229 CRITICAL PATCH Act Now

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Salon Booking System
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-36117 HIGH POC PATCH This Week

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Reposilite
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2024-2381 HIGH This Week

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Aliexpress Dropshipping With Alinext
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2024-5208 MEDIUM POC PATCH This Month

An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2024-36679 CRITICAL Act Now

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-34990 CRITICAL Act Now

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-38612 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-36684 CRITICAL Act Now

In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Pk Customlinks
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-34994 CRITICAL Act Now

In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33836 CRITICAL Act Now

In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-38541 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-37124 CRITICAL Act Now

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36480 CRITICAL Act Now

Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-5021 CRITICAL Act Now

The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SSRF
NVD
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-37881 MEDIUM POC This Month

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-5724 HIGH This Week

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure Deserialization Photo Video Gallery Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-5343 HIGH This Week

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22263 HIGH This Week

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes File Upload
NVD
CVSS 3.1
8.8
EPSS
17.5%
CVE-2024-38605 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference RCE Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6146 HIGH This Week

Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Wcb6200Q Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6145 HIGH This Week

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Wcb6200Q Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-6144 HIGH This Week

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Wcb6200Q Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6143 HIGH This Week

Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wcb6200Q Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6142 HIGH This Week

Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Wcb6200Q Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-35780 HIGH This Week

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.5.42. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-6125 HIGH This Week

The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE WordPress
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-38616 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning in. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-32030 HIGH This Week

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Code Injection Apache RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
34.1%
CVE-2024-36978 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-38578 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-38552 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Amd Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-38610 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Patch series "mm: follow_pte() improvements and acrn follow_pte(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38588 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38586 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38583 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38581 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38577 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38570 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38569 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38568 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group The perf tool allows users to create event groups through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38562 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38556 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38555 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38545 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-36979 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38329 HIGH This Week

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass VMware IBM Storage Protect For Virtual Environments
NVD
CVSS 3.1
7.7
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy