Skip to main content
CVE-2024-6075 HIGH POC This Week

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Estore
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5630 HIGH POC This Week

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Insert Or Embed Articulate Content
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6737 HIGH This Week

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electronic Official Document Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-38494 HIGH This Week

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-21513 HIGH PATCH This Week

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval'. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Python RCE Langchain Experimental
NVD GitHub
CVSS 3.1
8.5
EPSS
1.9%
CVE-2024-38491 HIGH This Week

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-40631 HIGH PATCH This Week

Plate media is an open source, rich-text editor for React. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-27240 HIGH This Week

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-6689 HIGH This Week

Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36434 HIGH This Week

An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-36433 HIGH This Week

An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-36432 HIGH This Week

An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-27241 HIGH This Week

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Workplace Workplace Desktop +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40554 HIGH This Week

An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tmall Demo
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-23794 HIGH This Week

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Otrs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39731 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-36438 HIGH This Week

eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-39819 HIGH This Week

Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-40560 HIGH This Week

Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Tmall Demo
NVD
CVSS 3.1
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy