Skip to main content
CVE-2024-37085 MEDIUM KEV PATCH THREAT Act Now

VMware ESXi contains an authentication bypass vulnerability.

NVD
CVSS 3.1
6.8
EPSS
74.8%
CVE-2024-6028 CRITICAL POC PATCH THREAT Act Now

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.3%.

SQLi WordPress Quiz Maker
NVD
CVSS 3.1
9.8
EPSS
80.3%
Threat
5.9
CVE-2024-37843 CRITICAL POC THREAT Act Now

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Craft Cms
NVD
CVSS 3.1
9.8
EPSS
51.3%
CVE-2024-4885 CRITICAL POC KEV THREAT Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
99.3%
CVE-2024-5806 CRITICAL POC THREAT Act Now

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
75.8%
CVE-2024-5276 CRITICAL POC THREAT Act Now

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Filecatalyst Workflow
NVD
CVSS 3.1
9.1
EPSS
90.1%
CVE-2024-4757 HIGH POC This Week

The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Logo Manager For Enamad
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-4498 HIGH POC This Week

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.0
7.7
EPSS
0.5%
CVE-2024-38952 HIGH POC This Week

PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-5216 HIGH POC PATCH This Week

A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-21827 HIGH POC This Week

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Er7206 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-6308 MEDIUM POC This Month

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Hotel Reservation System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5017 MEDIUM POC This Month

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Whatsup Gold
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2024-38951 MEDIUM POC This Month

A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5261 CRITICAL Act Now

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2024-6297 CRITICAL Act Now

Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress PHP
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-35527 CRITICAL Act Now

An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21741 CRITICAL Act Now

GigaDevice GD32E103C8T6 devices have Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-4884 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2024-4883 CRITICAL Act Now

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
64.8%
CVE-2024-39462 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4641 CRITICAL Act Now

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-4197 CRITICAL Act Now

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Ip Office
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4196 CRITICAL Act Now

An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ip Office
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4759 MEDIUM POC This Month

The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mime Types Extended
NVD WPScan
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-6060 CRITICAL Act Now

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-5989 CRITICAL Act Now

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell SQLi Thinmanager Thinserver
NVD
CVSS 4.0
9.3
EPSS
2.4%
CVE-2024-5988 CRITICAL Act Now

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Thinmanager Thinserver
NVD
CVSS 4.0
9.3
EPSS
2.7%
CVE-2024-5805 CRITICAL Act Now

Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moveit Gateway
NVD
CVSS 3.1
9.1
EPSS
7.6%
CVE-2024-5431 HIGH This Week

The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP LFI Wpcafe
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-5015 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38516 HIGH PATCH This Week

ai-client-html is an Aimeos e-commerce HTML client component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5008 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
17.3%
CVE-2024-6257 HIGH PATCH This Week

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Hashicorp Command Injection Go Getter
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6303 HIGH This Week

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Conduit
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4639 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4638 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Us Firmware Oncell G3470A Lte Us T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5990 HIGH This Week

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Thinmanager Thinserver
NVD
CVSS 4.0
8.7
EPSS
2.3%
CVE-2024-5012 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Whatsup Gold
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-37855 HIGH This Week

An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-5009 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Whatsup Gold
NVD
CVSS 3.1
8.4
EPSS
15.0%
CVE-2024-37742 HIGH This Week

Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-4640 HIGH This Week

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Oncell G3470A Lte Us T Firmware Oncell G3470A Lte Eu Firmware Oncell G3470A Lte Eu T Firmware Oncell G3470A Lte Us Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-39463 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37007 HIGH This Week

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37006 HIGH This Week

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37005 HIGH This Week

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Advance Steel Civil 3D +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37004 HIGH This Week

A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-37003 HIGH This Week

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-36999 HIGH This Week

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy