Skip to main content
CVE-2024-26020 HIGH POC PATCH THREAT This Week

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Anki
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2024-41320 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-6244 HIGH POC This Week

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Pz Frontend Manager
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-5973 HIGH POC This Week

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Masterstudy Lms
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6911 HIGH POC This Week

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.11.6507.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Microsoft Processplus
NVD
CVSS 4.0
8.7
EPSS
4.9%
CVE-2024-6965 HIGH POC This Week

A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-6964 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-6963 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-6962 HIGH POC This Week

A vulnerability classified as critical was found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-37261 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.6.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
6.6%
CVE-2024-32484 HIGH POC THREAT This Week

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Python Anki
NVD
CVSS 3.1
8.2
EPSS
25.9%
CVE-2024-41317 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-37259 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit - WP Extended wpextended.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
4.5%
CVE-2024-40634 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-40051 HIGH POC This Week

IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ip Guard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25638 HIGH PATCH This Week

dnsjava is an implementation of DNS in Java. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.9
EPSS
0.4%
CVE-2024-38755 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.6.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Directorypress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-38701 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academy Lms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23321 HIGH PATCH This Week

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Rocketmq
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-38708 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dmitry V. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-34329 HIGH This Week

Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.6%
CVE-2024-6791 HIGH This Week

A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Veristand
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-6675 HIGH This Week

A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-6121 HIGH This Week

An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Redis Information Disclosure Flexlogger Systemlink
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37391 HIGH PATCH This Week

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Protonvpn
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41829 HIGH This Week

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41132 HIGH PATCH This Week

ImageSharp is a 2D graphics API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagesharp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-41131 HIGH PATCH This Week

ImageSharp is a 2D graphics API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service Memory Corruption Imagesharp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-38788 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.4.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Uipress Lite
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-38692 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.9.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Spiffy Calendar
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-37942 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.7.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Berqwp
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-37275 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows DOM-Based XSS.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-37433 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster.0.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-39601 HIGH This Week

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-37436 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Reflected XSS.1.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy