Skip to main content
CVE-2024-8956 CRITICAL POC KEV THREAT Act Now

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
CVSS 3.1
9.1
EPSS
60.9%
CVE-2024-8904 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46362 HIGH POC This Week

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5998 HIGH POC PATCH This Week

A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Langchain
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8957 HIGH POC KEV THREAT This Week

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pt30X Sdi Firmware Pt30X Ndi Xx G2 Firmware
NVD
CVSS 3.1
7.2
EPSS
82.0%
CVE-2024-8948 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Micropython
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-8946 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Micropython
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-8944 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Hospital Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-8093 MEDIUM POC This Month

The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Posts Reminder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8091 MEDIUM POC This Month

The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enhanced Search Box
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8047 MEDIUM POC This Month

The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Visual Sound
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8044 MEDIUM POC This Month

The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Infolinks Ad Wrap
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-8947 MEDIUM POC PATCH This Month

A vulnerability was found in MicroPython 1.22.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Micropython
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2024-8052 MEDIUM POC This Month

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Review Ratings
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-44148 CRITICAL Act Now

This issue was addressed with improved validation of file attributes. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-44146 CRITICAL Act Now

A logic issue was addressed with improved file handling. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-45798 CRITICAL Act Now

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-8767 CRITICAL Act Now

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure
NVD
CVSS 3.0
9.9
EPSS
0.5%
CVE-2024-45496 CRITICAL PATCH Act Now

A flaw was found in OpenShift. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-38183 CRITICAL PATCH Act Now

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Groupme
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45682 CRITICAL Act Now

There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Proroute H685T W Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-38813 CRITICAL KEV THREAT Act Now

The vCenter Server contains a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vcenter Server
NVD
CVSS 3.1
9.8
EPSS
16.7%
CVE-2024-38812 CRITICAL KEV THREAT Act Now

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow VMware RCE Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
54.1%
CVE-2024-7873 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE - 83 Improper Neutralization of Script in Attributes in a Web. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
9.4
EPSS
0.2%
CVE-2024-43978 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.9.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.7%
CVE-2024-43976 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.9.7. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-8092 MEDIUM POC This Month

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Accordion Image Menu
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-8051 MEDIUM POC This Month

The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Special Feed Items
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-44004 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows SQL Injection.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-8951 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Resort Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8945 MEDIUM POC THREAT This Month

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rise Ultimate Project Manager
NVD VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
14.5%
CVE-2024-7387 CRITICAL Act Now

A flaw was found in openshift/builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Path Traversal Docker
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-45398 HIGH PATCH This Week

Contao is an Open Source CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Contao
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43460 HIGH PATCH This Week

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dynamics 365 Business Central
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22303 HIGH This Week

Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-21743 HIGH This Week

Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-46085 HIGH This Week

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Frogcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-5170 MEDIUM POC This Month

The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Manager For Enamad
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-44132 HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47049 HIGH PATCH This Week

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal PHP File Handling
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-7788 HIGH This Week

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice2 before < 24.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Libreoffice
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44162 HIGH This Week

This issue was addressed by enabling hardened runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-40861 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43969 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.9.12. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-44165 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS Iphone Os Ipados +1
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40848 HIGH This Week

A downgrade issue was addressed with additional code-signing restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-40856 HIGH This Week

An integrity issue was addressed with Beacon Protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-46982 HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
58.8%
CVE-2024-8900 HIGH This Week

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-8768 HIGH PATCH This Week

A flaw was found in the vLLM library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy