Skip to main content
CVE-2024-7886 HIGH POC This Week

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-42995 HIGH POC This Week

VTiger CRM <= 8.1.0 does not correctly check user privileges. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vtiger Crm
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-42994 HIGH POC This Week

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Vtiger Crm
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-7646 HIGH This Week

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nginx Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
27.0%
CVE-2024-7145 HIGH This Week

The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-7146 HIGH This Week

The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress RCE Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7849 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow D-Link
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-42463 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.1.9. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-43472 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-43395 HIGH This Week

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-4763 HIGH This Week

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2175 HIGH This Week

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43378 HIGH This Week

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-42464 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.1.9. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Information Disclosure Upkeeper Manager
NVD
CVSS 4.0
7.6
EPSS
0.3%
CVE-2024-42486 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-43370 HIGH PATCH This Week

gettext.js is a GNU gettext port for node and the browser. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-43369 HIGH PATCH This Week

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy