Skip to main content
CVE-2024-35537 HIGH POC This Week

TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Google Tvs Connect
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-5455 HIGH This Week

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE +2
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5503 HIGH This Week

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35778 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.5.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Slideshow Se
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37230 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Book Landing Page
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-37227 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.9.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Newsletters
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-37212 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aliexpress Dropshipping With Alinext
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-37198 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Digital Newspaper
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-37118 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Automator Pro.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Uncanny Automator
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35772 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Hueman.7.24. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hueman
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35771 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.4.21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Customizr
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35770 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Vimeography
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39277 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36477 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38631 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for average current and voltage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38630 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38629 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38627 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-31890 HIGH This Week

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5059 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Event Monster
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35776 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo() WP.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpinfo Wp
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-2003 HIGH This Week

Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-35767 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Squeeze
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38635 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-38659 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-38381 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-34777 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-38621 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy