Skip to main content
CVE-2024-8484 HIGH POC THREAT Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.9%.

WordPress SQLi Rest Api To Miniprogram
NVD
CVSS 3.1
7.5
EPSS
88.9%
Threat
5.7
CVE-2024-46489 HIGH POC This Week

A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Promptr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-9121 HIGH POC This Week

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46607 HIGH POC This Week

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-46610 HIGH POC This Week

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46609 HIGH POC This Week

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-47083 HIGH This Week

Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Power Platform Terraform Provider
NVD GitHub
CVSS 4.0
8.8
EPSS
1.6%
CVE-2024-20437 HIGH This Week

A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco CSRF Ios Xe
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7481 HIGH This Week

Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7479 HIGH This Week

Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8290 HIGH PATCH This Week

The WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8497 HIGH This Week

Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-45373 HIGH This Week

Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-41725 HIGH This Week

ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Progauge Maglink Lx Console Firmware Progauge Maglink Lx4 Console Firmware
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-20480 HIGH This Week

A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20467 HIGH This Week

A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-20464 HIGH This Week

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20455 HIGH This Week

A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe Ios Xe Sd Wan
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-8942 HIGH This Week

Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-21545 HIGH This Week

Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-20350 HIGH This Week

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Cisco Catalyst Center
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-47082 HIGH PATCH This Week

Strawberry GraphQL is a library for creating GraphQL APIs. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF File Upload Strawberry
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-44678 HIGH This Week

Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2024-46461 HIGH This Week

VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Denial Of Service
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-8996 HIGH PATCH This Week

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM43.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Grafana Microsoft Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8975 HIGH PATCH This Week

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM3.3, from 1.4.0-rc.0 through 1.4.0-rc.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Grafana Microsoft Alloy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8316 HIGH This Week

In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Ui For Wpf
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7679 HIGH This Week

In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Ui For Wpf
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-8481 HIGH This Week

The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE WordPress Special Text Boxes
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2024-41708 HIGH This Week

An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20436 HIGH This Week

A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Apple Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-20433 HIGH This Week

A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cisco Denial Of Service Apple +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-44825 HIGH This Week

Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-22893 HIGH This Week

OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Openslides
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-22892 HIGH This Week

OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openslides
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-6594 HIGH This Week

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Denial Of Service Microsoft Single Sign On Client
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31146 HIGH PATCH This Week

When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without. Rated high severity (CVSS 7.5). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Xen
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-31145 HIGH PATCH This Week

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. Rated high severity (CVSS 7.5). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Intel Denial Of Service Amd Xen
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8175 HIGH This Week

An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-46936 HIGH This Week

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-46935 HIGH PATCH This Week

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rocket Chat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39928 HIGH PATCH This Week

In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Linkis
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-7617 HIGH This Week

The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Contact Form To Any Api
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-8914 HIGH This Week

The Thanh Toán Quét Mã QR Code Tự Động - MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Thanh Toan Quet Ma Qr Code Tu Dong
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-45750 HIGH This Week

An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass RCE Apple
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-45817 HIGH PATCH This Week

In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xen
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-8514 HIGH PATCH This Week

The Prisna GWT - Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Google Deserialization WordPress PHP Information Disclosure +1
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-7385 HIGH PATCH This Week

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wordpress Simple Html Sitemap
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-8349 HIGH This Week

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Uncanny Groups For Learndash
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-43959 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials super-testimonial allows Reflected XSS.0.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy