Skip to main content
CVE-2024-6988 HIGH This Week

Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6720 HIGH This Week

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Light Poll
NVD WPScan
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41913 HIGH This Week

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Poly Clariti Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7530 HIGH This Week

Incorrect garbage collection interaction could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-7528 HIGH This Week

Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7522 HIGH This Week

Editor code failed to check an attribute value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7521 HIGH This Week

Incomplete WebAssembly exception handing could have led to a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7520 HIGH This Week

A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6358 HIGH This Week

Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6357 HIGH This Week

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Arcsight Intelligence
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7084 MEDIUM POC This Month

The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5709 HIGH This Week

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6315 HIGH This Week

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7502 HIGH This Week

A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Diascreen
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-7525 HIGH This Week

It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Mozilla Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-7523 HIGH This Week

A select option could partially obscure security prompts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-6203 HIGH This Week

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haloitsm
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-42219 HIGH This Week

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Hashicorp Information Disclosure 1Password
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23460 HIGH This Week

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Jwt Attack RCE Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23458 HIGH This Week

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation.2.0.190. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Client Connector
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43114 HIGH This Week

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7547 HIGH This Week

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7546 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7545 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7544 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7543 HIGH This Week

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7539 HIGH This Week

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7538 HIGH This Week

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ofono
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23456 HIGH This Week

Anti-tampering can be disabled under certain conditions without signature validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Client Connector
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-33973 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33972 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33971 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33970 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33969 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33968 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33967 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33966 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33965 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33964 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33963 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33962 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33961 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33959 HIGH This Week

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33958 HIGH This Week

SQL injection vulnerability in E-Negosyo System affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33957 HIGH This Week

SQL injection vulnerability in E-Negosyo System affecting version 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Young Entrepreneur E Negosyo System
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41995 HIGH This Week

Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28962 HIGH This Week

Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Alienware Update Command Update Update
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-7485 HIGH This Week

The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-7484 HIGH PATCH This Week

The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Crm Perks Forms
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-5963 MEDIUM This Month

Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component).8.7-00. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.7
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy