Skip to main content
CVE-2024-2376 HIGH POC This Week

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wpqa Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-29509 HIGH This Week

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-29506 HIGH This Week

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-34750 HIGH PATCH This Week

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Ontap Tools
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-29511 HIGH This Week

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ghostscript
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-35227 HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6427 HIGH This Week

Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mesbook
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38453 HIGH This Week

The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5672 HIGH This Week

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-6426 HIGH This Week

Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Mesbook
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy