Skip to main content
CVE-2024-7656 HIGH This Week

The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress PHP Code Injection RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-45239 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45238 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference OpenSSL Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45236 HIGH PATCH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45235 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-45234 HIGH This Week

An issue was discovered in Fort before 1.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Canonical Fort Validator
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45240 HIGH This Week

The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-7351 HIGH PATCH This Week

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Simple Job Board
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy