Skip to main content
CVE-2024-6365 CRITICAL Emergency

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

WordPress PHP RCE Code Injection
NVD
CVSS 3.1
9.8
EPSS
30.3%
CVE-2024-3596 CRITICAL CISA Emergency

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.0% and no vendor patch available.

Information Disclosure Freeradius Brocade Sannav Fabric Operating System Sonicos
NVD
CVSS 3.1
9.0
EPSS
19.0%
Threat
4.4
CVE-2024-6313 CRITICAL Act Now

The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.2% and no vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
23.2%
CVE-2024-39171 CRITICAL POC Act Now

Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Phpvibe
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48194 CRITICAL POC Act Now

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37873 CRITICAL POC Act Now

SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Payroll Management System Project In Php With Source Code
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37870 CRITICAL POC Act Now

SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36526 CRITICAL POC Act Now

ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-5488 CRITICAL POC Act Now

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress Seopress
NVD WPScan
CVSS 3.1
9.8
EPSS
3.7%
CVE-2024-37829 HIGH POC This Week

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Outline
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-39063 HIGH POC This Week

Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Limesurvey
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40039 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40037 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40036 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40034 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6607 HIGH POC This Week

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5441 HIGH Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

File Upload RCE WordPress Modern Events Calendar Modern Events Calendar Lite
NVD
CVSS 3.1
8.8
EPSS
19.7%
CVE-2024-6314 CRITICAL Act Now

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

PHP RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
13.3%
CVE-2024-37871 HIGH POC This Week

SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Discussion Forum
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-37872 HIGH POC This Week

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-5549 HIGH POC PATCH This Week

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devika
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-6161 HIGH Act Now

The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

File Upload RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
13.9%
CVE-2024-39698 HIGH POC PATCH This Week

electron-updater allows for automatic updates for Electron apps. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Microsoft Electron Builder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-2177 MEDIUM POC This Month

A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-6170 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘email’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.6%
CVE-2024-39181 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6169 MEDIUM POC PATCH This Month

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-37418 CRITICAL PATCH Act Now

Remote code execution in the Church Admin WordPress plugin (versions up to and including 4.4.6) allows authenticated low-privilege users to upload files of dangerous types, leading to full compromise of the underlying WordPress site. The CVSS 9.9 score reflects scope change and complete confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and EPSS scores exploitation probability at 1.58% (82nd percentile).

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
1.6%
CVE-2024-38963 MEDIUM POC This Month

Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38959 MEDIUM POC This Month

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Academy Lms
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-37830 MEDIUM POC This Month

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Outline
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-40742 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-40741 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40740 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40739 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40738 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40737 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40736 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40735 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40734 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40733 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40732 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40731 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40730 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40729 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40728 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40727 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40726 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38972 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6334 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy