Skip to main content
CVE-2024-8522 CRITICAL POC PATCH THREAT Act Now

SQL injection in LearnPress LMS plugin for WordPress (versions ≤ 4.2.7) allows unauthenticated remote attackers to inject arbitrary SQL via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST endpoint, enabling extraction of sensitive database contents including user credentials and PII. Publicly available exploit code exists, and the EPSS score of 88.05% (99th percentile) indicates very high real-world exploitation likelihood, though the issue is not currently listed in CISA KEV.

SQLi WordPress Learnpress
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
88.1%
Threat
6.1
CVE-2024-8529 CRITICAL POC PATCH THREAT Act Now

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.0%.

SQLi WordPress Learnpress
NVD
CVSS 3.1
10.0
EPSS
71.0%
Threat
5.6
CVE-2024-40457 CRITICAL POC Act Now

No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-45852 HIGH POC This Week

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45851 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45850 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45849 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Microsoft Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45848 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-45847 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45846 HIGH POC PATCH This Week

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Mindsdb
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-34334 HIGH POC This Week

ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ordat Erp
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45855 HIGH POC This Week

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Mindsdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45854 HIGH POC This Week

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Mindsdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45853 HIGH POC This Week

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization RCE Mindsdb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7766 HIGH POC This Week

The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Adicon Server
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-8711 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-42483 MEDIUM POC PATCH This Month

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Code Injection Esp Now
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7862 MEDIUM POC This Month

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Blogintroduction Wordpress Plugin
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7859 MEDIUM POC This Month

The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Sound
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7820 MEDIUM POC This Month

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ilc Thickbox
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-7817 MEDIUM POC This Month

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Misiek Photo Album
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34335 MEDIUM POC This Month

ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ordat Erp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8056 MEDIUM POC This Month

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mm Breaking News
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8054 MEDIUM POC This Month

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Mm Breaking News
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7861 MEDIUM POC This Month

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Misiek Paypal
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7860 MEDIUM POC This Month

The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Simple Headline Rotator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7822 MEDIUM POC This Month

The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Quick Code
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7818 MEDIUM POC This Month

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Misiek Photo Album
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-7816 MEDIUM POC This Month

The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Gixaw Chat
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-6019 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6018 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6017 MEDIUM POC This Month

The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Music Request Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-29847 CRITICAL Act Now

Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
52.9%
CVE-2024-45856 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mindsdb
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34336 MEDIUM POC This Month

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ordat Erp
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8710 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Inventory Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8709 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8706 MEDIUM POC This Month

A vulnerability was found in JFinalCMS up to 20240903. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-45823 CRITICAL Act Now

CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Factorytalk Batch View
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-45824 CRITICAL Act Now

CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal XSS Command Injection Factorytalk View
NVD
CVSS 4.0
9.2
EPSS
1.3%
CVE-2024-2743 CRITICAL Act Now

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-45383 MEDIUM POC This Month

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft High Definition Audio Bus Driver
NVD
CVSS 3.1
5.0
EPSS
1.5%
CVE-2024-8695 CRITICAL Act Now

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Docker Desktop
NVD
CVSS 4.0
9.0
EPSS
1.3%
CVE-2024-8696 HIGH This Week

A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Docker Desktop
NVD
CVSS 4.0
8.9
EPSS
1.2%
CVE-2024-2010 HIGH This Week

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS V5
NVD VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2024-3305 HIGH This Week

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.4.0 for iOS, before 5.2.1 for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Information Disclosure Soliclub
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2024-3306 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels.4.0 for iOS, before 5.2.1 for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Soliclub
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2024-7960 HIGH This Week

The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Rockwell Pavilion8
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-8641 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6678 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
2.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy