Skip to main content
CVE-2024-6420 HIGH POC This Week

The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Hide My Wp Ghost
NVD WPScan
CVSS 3.1
8.6
EPSS
1.8%
CVE-2024-6714 HIGH POC PATCH This Week

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Ubuntu Desktop Provision
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41655 HIGH POC PATCH This Week

TF2 Item Format helps users format TF2 items to the community standards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-40060 HIGH POC This Week

go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Chart
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38164 HIGH PATCH This Week

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Groupme
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6717 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Nomad
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-4081 HIGH This Week

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Labview
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-4080 HIGH This Week

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Labview
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-41668 HIGH This Week

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nginx
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-38176 HIGH PATCH This Week

An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Groupme
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-6885 HIGH This Week

The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-5602 HIGH This Week

A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-4079 HIGH This Week

An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Labview
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-41178 HIGH PATCH This Week

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Arrow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6828 HIGH This Week

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress XSS File Upload
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-0981 HIGH This Week

Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Google Mozilla
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-7014 HIGH This Week

EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4 and older. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Telegram
NVD
CVSS 4.0
7.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy