Skip to main content
CVE-2024-39747 CRITICAL Act Now

IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Sterling Connect Direct Web Services
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-7717 HIGH This Week

The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Events Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7435 HIGH PATCH This Week

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Attire
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0110 HIGH This Week

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44945 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8366 MEDIUM This Month

A vulnerability was found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Pharmacy Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-39579 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-45304 MEDIUM PATCH This Month

Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Contracts
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39578 MEDIUM This Month

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-5212 MEDIUM This Month

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Tagdiv Composer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3886 MEDIUM This Month

The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Tagdiv Composer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44946 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-8108 MEDIUM This Month

The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Share This Image
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8276 MEDIUM PATCH This Month

The WPZOOM Portfolio Lite - Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpzoom Portfolio
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0111 MEDIUM This Month

NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-8006 MEDIUM PATCH This Month

Remote packet capture support is disabled by default in libpcap. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libpcap
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-0109 LOW Monitor

NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Nvidia Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy