Skip to main content
CVE-2024-8862 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization H2O
NVD VulDB
CVSS 4.0
6.9
EPSS
1.3%
CVE-2024-8039 CRITICAL Act Now

Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-8863 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aim
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6482 HIGH PATCH This Week

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Login With Phone Number
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8246 HIGH PATCH This Week

The Post Form - Registration Form - Profile Form for User Profiles - Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Buddyforms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8479 HIGH PATCH This Week

The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Simple Spoiler
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-8271 HIGH PATCH This Week

The The FOX - Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Fox Currency Switcher Professional For Woocommerce
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-8669 HIGH PATCH This Week

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Backuply
NVD
CVSS 3.1
7.2
EPSS
16.7%
CVE-2024-8797 MEDIUM PATCH This Month

The WP Booking System - Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Booking System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-8724 MEDIUM PATCH This Month

The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Waitlist Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8775 MEDIUM PATCH This Month

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Information Disclosure
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy