Skip to main content
CVE-2024-3604 CRITICAL Act Now

The OSM - OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.3 due to. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Openstreetmap
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-6317 HIGH This Week

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP CSRF WordPress RCE +1
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2024-40035 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-38089 CRITICAL PATCH Act Now

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Defender For Iot
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-37424 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.0.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-37420 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.6.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-39071 CRITICAL Act Now

Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-38077 CRITICAL PATCH Act Now

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +5
NVD
CVSS 3.1
9.8
EPSS
75.4%
CVE-2024-38076 CRITICAL PATCH Act Now

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2016 +3
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-38074 CRITICAL PATCH Act Now

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-27782 CRITICAL Act Now

Multiple insufficient session expiration weaknesses [CWE-613] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiaiops
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6611 CRITICAL Act Now

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6602 CRITICAL Act Now

A mismatch between allocator and deallocator could have led to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Buffer Overflow Mozilla Firefox +1
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-37934 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection.8.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Ninja Forms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37112 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Membership Software WishList Member X.26.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Wishlist Member
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-28747 CRITICAL Act Now

An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39118 MEDIUM POC PATCH This Month

Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Advanced Backups
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-39031 MEDIUM POC PATCH This Month

In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Silverpeas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-6316 HIGH This Week

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE CSRF Generate Pdf Using Contact Form 7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-40038 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-6527 CRITICAL Act Now

SQL Injection vulnerability in parameter "w" in file "druk.php" in MegaBIP software allows unauthorized attacker to disclose the contents of the database and obtain administrator's token to modify. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-39872 CRITICAL PATCH Act Now

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Sinema Remote Connect Server
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-37555 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7 generate-pdf-using-contact-form-7.1.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-6310 HIGH This Week

The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-6321 HIGH This Week

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-6320 HIGH This Week

The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-6069 HIGH This Week

The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-6309 HIGH This Week

The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE CSRF
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28751 CRITICAL Act Now

An high privileged remote attacker can enable telnet access that accepts hardcoded credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-6166 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-5793 HIGH This Week

The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5456 HIGH This Week

The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Path Traversal WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-34722 HIGH PATCH This Week

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-38104 HIGH PATCH This Week

Windows Fax Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-38092 HIGH PATCH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Cyclecloud
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-38088 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-38087 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-38060 HIGH PATCH This Week

Windows Imaging Component Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
15.9%
CVE-2024-38053 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-38021 HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-37973 HIGH PATCH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37336 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-37334 HIGH PATCH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37333 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37332 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-37331 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-37330 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37329 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37328 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37327 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
Prev Page 2 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy