Skip to main content
CVE-2024-45237 CRITICAL PATCH Act Now

An issue was discovered in Fort before 1.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fort Validator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7568 CRITICAL PATCH Act Now

The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Favicon Generator
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-8137 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8136 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8134 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8133 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8132 MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
23.4%
CVE-2024-8131 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.2%
CVE-2024-8130 MEDIUM POC This Month

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.9%
CVE-2024-8129 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
22.9%
CVE-2024-8128 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.0%
CVE-2024-8127 MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 1550 04 Firmware Dns 1200 05 Firmware Dns 1100 4 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.7%
CVE-2024-7656 HIGH This Week

The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress PHP Code Injection RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-45239 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45238 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45236 HIGH PATCH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45235 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45234 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45240 HIGH This Week

The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-7351 HIGH PATCH This Week

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Simple Job Board
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-2254 MEDIUM This Month

The RT Easy Builder - Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Rt Easy Builder
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-8135 MEDIUM PATCH This Month

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Gotribe
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6499 MEDIUM PATCH This Month

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Maxbuttons
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8120 MEDIUM PATCH This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF PHP Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6631 MEDIUM PATCH This Month

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy