Skip to main content
CVE-2024-1845 HIGH POC This Week

The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Vikrentcar
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6666 HIGH PATCH This Week

The WP ERP plugin for WordPress is vulnerable to SQL Injection via the ‘vendor_id’ and 'status' parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Erp
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-39904 HIGH This Week

VNote is a note-taking platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-39552 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-39551 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the H.323 ALG (Application Layer Gateway) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 and MS-MPC/MIC, allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39549 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39545 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39542 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39540 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on SRX Series, and MX Series with SPC3 allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39531 HIGH This Week

An Improper Handling of Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows a network-based, unauthenticated attacker to cause a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39530 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis management daemon (chassisd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39529 HIGH This Week

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-39524 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39523 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39522 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39521 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-39520 HIGH This Week

An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos Os Evolved
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-28872 HIGH This Week

The TLS certificate validation code is flawed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Stork
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-22280 HIGH This Week

VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi VMware Aria Automation Cloud Foundation
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-5681 HIGH This Week

privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ecostruxure Foxboro Dcs Control Core Services
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2602 HIGH This Week

Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file that has been tampered by a malicious actor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Foxrtu Station
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6447 HIGH This Week

The FULL - Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-6468 HIGH PATCH This Week

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-6407 HIGH This Week

credentials when a specially crafted message is sent to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whc 5918A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-39550 HIGH This Week

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39548 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-39543 HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39541 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39538 HIGH This Week

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39535 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-39519 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-5679 HIGH This Week

kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ecostruxure Foxboro Dcs Control Core Services
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-39546 HIGH This Week

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Juniper Junos Os Evolved
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-32753 HIGH This Week

Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy