Skip to main content
CVE-2024-8484 HIGH POC THREAT Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.9%.

WordPress SQLi Rest Api To Miniprogram
NVD
CVSS 3.1
7.5
EPSS
88.9%
Threat
5.7
CVE-2024-46612 CRITICAL POC Act Now

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42797 CRITICAL POC Act Now

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Music Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46489 HIGH POC This Week

A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Promptr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-9121 HIGH POC This Week

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46607 HIGH POC This Week

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-46610 HIGH POC This Week

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46609 HIGH POC This Week

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-8877 MEDIUM POC THREAT This Month

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Netman 204 Firmware
NVD
CVSS 4.0
6.9
EPSS
77.0%
CVE-2024-46485 MEDIUM POC This Month

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=addCate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dingfanzu Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-46655 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ellevo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9148 MEDIUM POC PATCH This Month

Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Embed Flowise
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-8878 CRITICAL Act Now

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.05. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netman 204 Firmware
NVD
CVSS 4.0
10.0
EPSS
1.3%
CVE-2024-45066 CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-43693 CRITICAL Act Now

A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-8436 CRITICAL Act Now

The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Easy Gallery
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-8485 CRITICAL Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Rest Api To Miniprogram
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-47078 CRITICAL Act Now

Meshtastic is an open source, off-grid, decentralized, mesh network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Meshtastic Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-7576 CRITICAL Act Now

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ui For Wpf
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7575 CRITICAL Act Now

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8275 CRITICAL PATCH Act Now

The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress The Events Calendar
NVD
CVSS 3.1
9.8
EPSS
49.5%
CVE-2024-8940 CRITICAL Act Now

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Scriptcase
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-46957 CRITICAL PATCH Act Now

Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42507 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42506 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42505 CRITICAL Act Now

Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-46488 MEDIUM POC PATCH This Month

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Sqlite Vec
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-9142 CRITICAL Act Now

External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
9.4
EPSS
0.1%
CVE-2024-4657 CRITICAL Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2024-20510 CRITICAL Act Now

A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco Ios Xe
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-6845 MEDIUM POC This Month

The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-43692 CRITICAL Act Now

An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43423 CRITICAL Act Now

The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-6593 CRITICAL Act Now

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.10.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Watchguard Microsoft Authentication Gateway
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-6592 CRITICAL Act Now

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Watchguard Microsoft Authentication Gateway +1
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-47083 HIGH This Week

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Power Platform Terraform Provider
NVD GitHub
CVSS 4.0
8.8
EPSS
1.6%
CVE-2024-20437 HIGH This Week

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco CSRF Ios Xe
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7481 HIGH This Week

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7479 HIGH This Week

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8290 HIGH PATCH This Week

The WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7878 MEDIUM POC This Month

The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-46600 MEDIUM POC This Month

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/doAdminAction.php?act=delCate&id=31. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dingfanzu Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-8497 HIGH This Week

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-45373 HIGH This Week

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-41725 HIGH This Week

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-20480 HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20467 HIGH This Week

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-20464 HIGH This Week

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20455 HIGH This Week

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-7892 MEDIUM POC This Month

The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Adstxt
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy