Skip to main content
CVE-2024-28000 CRITICAL POC THREAT Emergency

Privilege escalation in LiteSpeed Cache plugin for WordPress (versions up to and including 6.3.0.1) allows unauthenticated remote attackers to forge user identities and gain administrator-level access by exploiting a weak hash check in the plugin's user simulation feature. Publicly available exploit code exists, and the EPSS score of 88.85% (100th percentile) indicates extremely high likelihood of exploitation activity. The vulnerability stems from predictable security hash values that can be brute-forced to impersonate any logged-in user, including administrators.

Information Disclosure
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.8%
Threat
6.1
CVE-2024-6386 CRITICAL POC THREAT Emergency

Remote code execution in the WPML WordPress multilingual plugin (versions up to and including 4.6.12) allows Contributor-level authenticated users to execute arbitrary code on the underlying server via Twig Server-Side Template Injection in the shortcode render function. Publicly available exploit code exists and EPSS rates the exploitation probability at 73.91% (99th percentile), making this a high-priority issue for any WordPress site running WPML.

Ssti RCE WordPress Wpml
NVD
CVSS 3.1
9.9
EPSS
73.9%
Threat
5.7
CVE-2024-42784 CRITICAL POC Act Now

A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42783 CRITICAL POC Act Now

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42782 CRITICAL POC Act Now

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42781 CRITICAL POC Act Now

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42777 CRITICAL POC Act Now

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-40453 CRITICAL POC PATCH Act Now

squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Squirrelly
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-7854 CRITICAL POC Act Now

The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Woo Inquiry
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-28987 CRITICAL POC KEV THREAT Act Now

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Help Desk
NVD GitHub
CVSS 3.1
9.1
EPSS
93.3%
CVE-2024-42786 HIGH POC This Week

A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-42785 HIGH POC This Week

A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42780 HIGH POC This Week

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-42779 HIGH POC This Week

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-42778 HIGH POC This Week

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-43027 HIGH POC This Week

DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor300b Firmware Vigor2960 Firmware Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-43410 HIGH POC PATCH This Week

Russh is a Rust SSH client & server library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Russh Warpgate
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-5335 CRITICAL PATCH Act Now

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Ultimate Store Kit
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-42939 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzncms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8023 MEDIUM POC This Month

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7968 HIGH This Week

Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7964 HIGH This Week

Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-20486 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5725 HIGH PATCH This Week

Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Apache RCE Centreon Web
NVD
CVSS 3.1
8.8
EPSS
47.6%
CVE-2024-5723 HIGH This Week

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache RCE Centreon Web
NVD
CVSS 3.1
8.8
EPSS
40.7%
CVE-2024-7795 HIGH This Week

Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Maxicharger Ac Elite Business C50 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7725 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-7724 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-7723 HIGH This Week

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Editor Pdf Reader
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6814 HIGH This Week

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-6813 HIGH This Week

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21690 HIGH This Week

This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.1, 8.8.0, and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-20417 HIGH This Week

Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Identity Services Engine
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-5762 HIGH This Week

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI RCE PHP Zen Cart
NVD
CVSS 3.1
8.1
EPSS
71.6%
CVE-2024-7603 HIGH This Week

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unified Secops Platform
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2024-7601 HIGH This Week

Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unified Secops Platform
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-7600 HIGH This Week

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unified Secops Platform
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2024-39344 HIGH This Week

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-8007 HIGH This Week

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Openstack Platform
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7448 HIGH This Week

Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Google Axiom
NVD
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-6508 HIGH This Week

An insufficient entropy vulnerability was found in the Openshift Console. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-7980 HIGH This Week

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-7979 HIGH This Week

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7977 HIGH This Week

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6141 HIGH This Week

Windscribe Directory Traversal Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Path Traversal Windscribe
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-5930 HIGH This Week

VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Advanced Security
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-5929 HIGH This Week

VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Advanced Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5928 HIGH This Week

VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Advanced Security
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-33657 HIGH This Week

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33656 HIGH This Week

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Aptio V
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy