Skip to main content
CVE-2024-6891 HIGH POC This Week

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Journyx
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6893 HIGH POC THREAT This Week

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XXE Journyx
NVD
CVSS 3.1
7.5
EPSS
32.9%
CVE-2024-0104 HIGH This Week

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Nvidia Onyx Mlnx Os +2
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-0108 HIGH This Week

NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Nvidia Denial Of Service Jetson Linux
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-22069 HIGH This Week

There is a permission and access control vulnerability of ZTE's ZXV10 XT802/ET301 product.Attackers with common permissions can log in the terminal web and change the password of the administrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zte Zxv10 Et301 Firmware Zxv10 Xt802 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7150 HIGH PATCH This Week

The Slider by 10Web - Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Slider
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7492 HIGH PATCH This Week

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Privilege Escalation WordPress CSRF Mainwp Child
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7561 HIGH This Week

The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-7486 HIGH This Week

The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41161 HIGH This Week

Use of hard-coded credentials vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Var1200 H Firmware Var1200 L Firmware Var600 H Firmware Vap11Ac Firmware +10
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-3035 HIGH This Week

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-0107 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Information Disclosure Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-42038 HIGH This Week

Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-42035 HIGH This Week

Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-42257 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0101 HIGH This Week

NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Mlnx Os Mlnx Gw Onyx +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2800 HIGH This Week

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6329 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42036 HIGH This Week

Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-42031 HIGH This Week

Access permission verification vulnerability in the Settings module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-38202 HIGH PATCH This Week

Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
7.3
EPSS
1.7%
CVE-2024-37382 HIGH This Week

An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Authorization Gateway Metadata Hub
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-42356 HIGH PATCH This Week

Shopware is an open commerce platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection PHP Ssti Shopware
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-41942 HIGH PATCH This Week

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Jupyterhub
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-7560 HIGH This Week

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-42033 HIGH This Week

Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-6869 HIGH PATCH This Week

The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Falang
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy