Skip to main content
CVE-2024-6220 CRITICAL POC PATCH THREAT Act Now

The 简数采集器 (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.4%.

File Upload WordPress RCE Keydatas
NVD
CVSS 3.1
9.8
EPSS
70.4%
Threat
5.6
CVE-2024-20419 CRITICAL POC THREAT Act Now

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Smart Software Manager On Prem
NVD GitHub Exploit-DB
CVSS 3.1
10.0
EPSS
80.6%
CVE-2024-38447 HIGH POC This Week

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for a private draft report (that belongs to an arbitrary user). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Advisor Network
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-40641 HIGH POC PATCH This Week

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-40492 HIGH POC This Week

Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote attacker to execute arbitrary code via the setname function. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Heartbeat
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-6808 MEDIUM POC This Month

A vulnerability was found in itsourcecode Simple Task List 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Task List
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-38446 MEDIUM POC This Month

NATO NCI ANET 3.4.1 mishandles report ownership. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Advisor Network
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-40402 MEDIUM POC This Month

A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Library Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-20401 CRITICAL Act Now

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Denial Of Service Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-5471 CRITICAL Act Now

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Ddi Central
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-36491 CRITICAL Act Now

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-40636 MEDIUM POC PATCH This Month

Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6830 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Inventory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6803 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Document Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Document Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6802 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
9.8%
CVE-2024-6801 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Student Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Student Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-6595 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Node.js Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-31070 CRITICAL Act Now

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-6467 HIGH PATCH This Week

The BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE WordPress Bookingpress
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-6834 CRITICAL Act Now

A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpected signing proxied request by Zowe's client certificate. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Java
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-6660 HIGH PATCH This Week

The BookingPress - Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Privilege Escalation Bookingpress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40119 HIGH This Week

Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28074 HIGH This Week

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
10.9%
CVE-2024-23475 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-23474 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-23471 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-23470 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23469 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
17.9%
CVE-2024-23467 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-23466 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-23465 HIGH This Week

The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-27311 HIGH This Week

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho File Upload Manageengine Ddi Central
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31411 HIGH PATCH This Week

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apache File Upload Streampipes
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-36475 HIGH This Week

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Futurenet Nxr 1300 Firmware Futurenet Nxr 155 C Firmware Futurenet Nxr 610X Firmware Futurenet Nxr G050 Firmware +18
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-39877 HIGH PATCH This Week

Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-28993 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-28992 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
1.9%
CVE-2024-23468 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Access Rights Manager
NVD
CVSS 3.1
8.3
EPSS
3.4%
CVE-2024-23472 HIGH This Week

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
18.6%
CVE-2024-20435 HIGH This Week

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Asyncos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20323 HIGH This Week

A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Inode Inode Manager
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-20395 HIGH This Week

A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Teams
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-20429 HIGH This Week

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asyncos
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-20296 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco File Upload Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-20416 MEDIUM This Month

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-20396 MEDIUM This Month

A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Teams
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-40617 MEDIUM This Month

Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Network Edgiot Gw1500 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-5582 MEDIUM This Month

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Schema Structured Data For Wp Amp
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5255 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5254 MEDIUM This Month

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Addons For Wpbakery Page Builder WPBakery Page Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy