Skip to main content
CVE-2024-39681 HIGH POC This Week

Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cooked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39680 HIGH POC This Week

Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cooked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39679 HIGH POC This Week

Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cooked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39678 HIGH POC This Week

Cooked is a recipe plugin for WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cooked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40642 HIGH POC PATCH This Week

The netty incubator codec.bhttp is a java language binary http parser. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSRF Java Netty Incubator Codec Ohttp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-3242 HIGH PATCH This Week

The Brizy - Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

PHP RCE WordPress File Upload Brizy
NVD
CVSS 3.1
8.8
EPSS
6.6%
CVE-2024-5726 HIGH This Week

The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-29178 HIGH PATCH This Week

On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Streampark
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29014 HIGH This Week

Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Sonicwall Microsoft Netextender
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-34013 HIGH This Week

Local privilege escalation due to OS command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Privilege Escalation
NVD VulDB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-41011 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31143 HIGH PATCH This Week

An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Xen
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-40764 HIGH This Week

Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41111 HIGH PATCH This Week

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy