Skip to main content
CVE-2024-42850 CRITICAL POC Act Now

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Brute Force Silverpeas
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-43042 CRITICAL POC Act Now

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pluck
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42639 CRITICAL POC Act Now

H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gr1100 P Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42638 CRITICAL POC Act Now

H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Magic B1St Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42637 CRITICAL POC Act Now

H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass R3010 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42634 CRITICAL POC Act Now

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection Tenda RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-6460 CRITICAL POC Act Now

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Grow
NVD WPScan
CVSS 3.1
9.8
EPSS
4.8%
CVE-2024-7886 HIGH POC This Week

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-42995 HIGH POC This Week

VTiger CRM <= 8.1.0 does not correctly check user privileges. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vtiger Crm
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-42994 HIGH POC This Week

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vtiger Crm
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-42849 MEDIUM POC This Month

An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Silverpeas
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-42462 CRITICAL Act Now

Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.1.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upkeeper Manager
NVD
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-42466 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.1.9. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
9.5
EPSS
0.7%
CVE-2024-43381 MEDIUM POC PATCH This Month

reNgine is an automated reconnaissance framework for web applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Rengine
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7853 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7852 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7851 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Yoga Class Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7845 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-42465 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.1.9. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
9.0
EPSS
0.5%
CVE-2024-7646 HIGH This Week

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nginx Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
27.0%
CVE-2024-7145 HIGH This Week

The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-7146 HIGH This Week

The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7849 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-42463 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.1.9. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-43472 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-43395 HIGH This Week

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-4763 HIGH This Week

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2175 HIGH This Week

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43378 HIGH This Week

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-42464 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.1.9. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-42486 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-43370 HIGH PATCH This Week

gettext.js is a GNU gettext port for node and the browser. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-43369 HIGH PATCH This Week

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-25008 MEDIUM This Month

Ericsson RAN Compute and Site Controller 6610 contains a vulnerability in the Control System where Improper Input Validation can lead to arbitrary code execution, for example to obtain a Linux Shell. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Ericsson RCE
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-6004 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5210 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5209 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4782 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-4781 MEDIUM This Month

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7147 MEDIUM This Month

The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-7136 MEDIUM This Month

The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-43809 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7301 MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS File Upload Wordpress File Upload
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6098 MEDIUM This Month

When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2024-7630 MEDIUM PATCH This Month

The Relevanssi - A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 (Free) and 2.25.1 (Premium) via the relevanssi_do_query() due. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Relevanssi
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-43006 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-42758 MEDIUM This Month

A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when is used and enabled in Dokuwiki (Open Source Wiki Engine). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-25837 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-43810 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43808 MEDIUM This Month

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy