Skip to main content
CVE-2024-42791 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43798 HIGH POC PATCH This Week

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-45241 HIGH POC THREAT This Week

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
13.6%
CVE-2024-43325 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dark Mode For Wp Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43287 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.1.82. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Newsletter Smtp Email Marketing And Subscribe
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43116 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.7.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Local Avatars
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39657 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender - Newsletter, SMS and Email Marketing Automation for WooCommerce.6.18. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Sender
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39645 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39641 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.2.6.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Learnpress
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39628 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ninja Forms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7401 HIGH This Week

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netskope
NVD
CVSS 4.0
8.5
EPSS
0.8%
CVE-2024-7987 HIGH This Week

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Rockwell File Upload Thinmanager Thinserver
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-43444 HIGH This Week

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-44941 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Denial Of Service Google Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44940 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44942 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC syzbot reports a f2fs bug as below: ------------[ cut here. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41879 HIGH PATCH This Week

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Memory Corruption Acrobat Reader +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-44934 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44932 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43900 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43888 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41996 HIGH This Week

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43258 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.17.01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Store Locator Plus
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-28077 HIGH This Week

A denial-of-service issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mt6000 Firmware X3000 Firmware Xe3000 Firmware A1300 Firmware +14
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43289 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wpforo Forum
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-43966 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Testimonial Widget
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-43255 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTable Bookstore mybooktable.3.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-43916 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.3.102. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zephyr Project Manager
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy