Skip to main content
CVE-2024-44845 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-44844 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-44739 HIGH POC This Week

Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Forum Website
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-44408 HIGH POC This Week

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Information Disclosure Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8428 HIGH This Week

The ForumWP - Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Forumwp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21898 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-38486 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-8480 HIGH PATCH This Week

The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass RCE WordPress Sirv
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-8247 HIGH PATCH This Week

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Newsletters
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45294 HIGH PATCH This Week

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-39585 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-7652 HIGH This Week

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Denial Of Service Mozilla Firefox +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-8509 HIGH This Week

A vulnerability was found in Forklift Controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38641 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 4.0
7.3
EPSS
0.5%
CVE-2024-7349 HIGH PATCH This Week

The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Lifterlms
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38640 HIGH This Week

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
CVSS 4.0
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy