Skip to main content
CVE-2024-37829 HIGH POC This Week

An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Outline
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-39063 HIGH POC This Week

Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Limesurvey
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40039 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40037 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40036 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40034 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6607 HIGH POC This Week

It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `&lt;select&gt;` element over certain permission prompts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5441 HIGH Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

File Upload RCE WordPress Modern Events Calendar Modern Events Calendar Lite
NVD
CVSS 3.1
8.8
EPSS
19.7%
CVE-2024-37871 HIGH POC This Week

SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Discussion Forum
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-37872 HIGH POC This Week

SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Billing System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-5549 HIGH POC PATCH This Week

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devika
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-6161 HIGH Act Now

The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.9% and no vendor patch available.

File Upload RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
13.9%
CVE-2024-39698 HIGH POC PATCH This Week

electron-updater allows for automatic updates for Electron apps. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Microsoft Electron Builder
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-6317 HIGH This Week

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP CSRF WordPress RCE +1
NVD
CVSS 3.1
8.8
EPSS
6.0%
CVE-2024-6316 HIGH This Week

The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE CSRF Generate Pdf Using Contact Form 7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-6310 HIGH This Week

The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-6321 HIGH This Week

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-6320 HIGH This Week

The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF File Upload
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-6069 HIGH This Week

The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-6309 HIGH This Week

The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE CSRF
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-6166 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Unlimited Elements For Elementor Free Widgets Addons Templates Elementor
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-5793 HIGH This Week

The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the ‘currency_code’ parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5456 HIGH This Week

The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Path Traversal WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-34722 HIGH PATCH This Week

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-38104 HIGH PATCH This Week

Windows Fax Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-38092 HIGH PATCH This Week

Azure CycleCloud Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Azure Cyclecloud
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-38088 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-38087 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-38060 HIGH PATCH This Week

Windows Imaging Component Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
15.9%
CVE-2024-38053 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-38021 HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
8.8
EPSS
3.5%
CVE-2024-37973 HIGH PATCH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37336 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-37334 HIGH PATCH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37333 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37332 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-37331 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-37330 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37329 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37328 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37327 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37326 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37324 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37323 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Sql Server 2016 Sql Server 2017 Sql Server 2019 +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37322 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37321 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37320 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37319 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-37318 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-35272 HIGH PATCH This Week

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Sql Server 2016 Sql Server 2017 +2
NVD
CVSS 3.1
8.8
EPSS
1.9%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy