Skip to main content
CVE-2024-40711 CRITICAL POC KEV THREAT Act Now

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Veeam Backup Replication
NVD
CVSS 3.1
9.8
EPSS
88.2%
CVE-2024-8565 MEDIUM POC This Month

A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-8555 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8521 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Wavelog
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-39714 CRITICAL Act Now

A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.9
EPSS
1.2%
CVE-2024-38650 CRITICAL Act Now

An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.0
9.9
EPSS
0.9%
CVE-2024-8563 MEDIUM POC PATCH This Month

A vulnerability was found in SourceCodester PHP CRUD 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Php Crud
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8558 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8557 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8554 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8523 MEDIUM POC This Month

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Lmxcms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
1.0%
CVE-2024-42024 HIGH This Week

A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE One
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-42023 HIGH This Week

An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass One
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-40718 HIGH This Week

A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Privilege Escalation
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2024-40710 HIGH This Week

A series of related high-severity vulnerabilities, the most notable enabling remote code execution (RCE) as the service account and extraction of sensitive information (savedcredentials and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Veeam Backup Replication
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-40681 HIGH This Week

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Mq Operator Supplied Mq Advanced Container Images
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45498 HIGH PATCH This Week

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-45034 HIGH PATCH This Week

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Airflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-39715 HIGH This Week

A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
8.5
EPSS
0.9%
CVE-2024-38651 HIGH This Week

A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
8.5
EPSS
0.9%
CVE-2024-40714 HIGH This Week

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Veeam Backup Replication
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-39718 HIGH This Week

An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Veeam Backup Replication
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-42019 HIGH This Week

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure One
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-40713 HIGH This Week

A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-40712 HIGH This Week

A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Veeam Backup Replication
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-40709 HIGH This Week

A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-37068 HIGH This Week

IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-7620 MEDIUM PATCH This Month

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Customizer Export Import
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-42021 MEDIUM This Month

An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass One
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7112 MEDIUM PATCH This Month

The Pinpoint Booking System - #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Pinpoint Booking System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1596 MEDIUM This Month

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Ninja Forms File Uploads
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-40680 MEDIUM This Month

IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Denial Of Service Mq Operator
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-42020 MEDIUM This Month

A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS One
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6849 MEDIUM This Month

The Preloader Plus - WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Preloader Plus
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8564 MEDIUM This Month

A vulnerability was found in SourceCodester PHP CRUD 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Php Crud
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8562 MEDIUM This Month

A vulnerability was found in SourceCodester PHP CRUD 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Php Crud
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-8561 MEDIUM This Month

A vulnerability has been found in SourceCodester PHP CRUD 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Php Crud
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8560 MEDIUM This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Invoice Generator System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Simple Invoice Generator System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-42022 MEDIUM This Month

An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass One
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6010 MEDIUM This Month

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Cost Calculator Builder
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8559 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Food Menu 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online Food Menu
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-8538 MEDIUM PATCH This Month

The Big File Uploads - Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure File Upload Big File Uploads
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy