Skip to main content
CVE-2024-7856 HIGH PATCH Act Now

The MP3 Audio Player - Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 77.0%.

Authentication Bypass RCE WordPress PHP Mp3 Audio Player For Music Radio Podcast
NVD
CVSS 3.1
8.1
EPSS
77.0%
CVE-2024-43804 HIGH POC This Week

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Command Injection Nginx Roxy Wi
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-35133 HIGH POC This Week

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Open Redirect Security Verify Access Security Verify Access Docker
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
1.6%
CVE-2024-45302 HIGH POC PATCH This Week

RestSharp is a Simple REST and HTTP API Client for .NET. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Restsharp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6672 HIGH This Week

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SQLi Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-43957 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Animated Number Counters
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43943 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.9.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Greenshift Woocommerce Addon
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43942 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Query and Meta Addon allows SQL Injection.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Greenshift Query Addon
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39638 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.12.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Registrations For The Events Calendar
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38793 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Great Restaurant Menu Wp
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-7607 HIGH PATCH This Week

The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Front End Users
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39620 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.9.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-8255 HIGH This Week

Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dtn Soft
NVD
CVSS 4.0
8.4
EPSS
0.8%
CVE-2024-41964 HIGH PATCH This Week

Kirby is a CMS targeting designers and editors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Kirby
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-43700 HIGH PATCH This Week

xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Xfpt
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45436 HIGH PATCH This Week

extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ollama
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-34019 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-34017 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-5622 HIGH This Week

An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Industrial Automation Aprol
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-39658 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Salon Booking System
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-38693 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.0.7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp User Frontend
NVD
CVSS 3.1
7.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy