Skip to main content
CVE-2024-9224 MEDIUM This Month

The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.8% and no vendor patch available.

Path Traversal WordPress Hello World
NVD
CVSS 3.1
6.5
EPSS
50.8%
CVE-2024-45999 CRITICAL POC Act Now

A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info()function located in the file /application/models/Oqrs_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cloudlog
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-46084 HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46080 HIGH POC This Week

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46276 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46274 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46267 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46264 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46263 HIGH POC This Week

cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46261 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-46259 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46258 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9360 MEDIUM POC This Month

A vulnerability was found in code-projects Restaurant Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-9359 MEDIUM POC This Month

A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-46079 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9358 MEDIUM POC This Month

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Thingsboard
NVD VulDB
CVSS 4.0
6.0
EPSS
0.8%
CVE-2024-9402 CRITICAL Act Now

Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9401 CRITICAL Act Now

Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-9392 CRITICAL Act Now

A compromised content process could have allowed for the arbitrary loading of cross-origin pages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41276 CRITICAL Act Now

A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9289 CRITICAL Act Now

The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Affiliate Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9265 CRITICAL Act Now

The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Echo Rss Feed Post Generator
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9108 CRITICAL Act Now

The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-9106 CRITICAL Act Now

The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-44610 MEDIUM POC This Month

PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
5.6
EPSS
1.0%
CVE-2024-47527 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-47525 MEDIUM POC PATCH THREAT This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
26.6%
CVE-2024-47523 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-46082 MEDIUM POC This Month

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46083 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-46081 MEDIUM POC This Month

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scriptcase
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7434 HIGH This Week

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Ultrapress
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-25660 CRITICAL Act Now

The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Transcend Network Management System
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-47524 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Java Librenms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-31835 MEDIUM POC This Month

Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Flatpress
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-9400 HIGH This Week

A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-9396 HIGH This Week

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-25632 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-9018 HIGH This Week

The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Easy Gallery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7433 HIGH This Week

The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Empowerment
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7432 HIGH This Week

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Unseen Blog
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45967 MEDIUM POC This Month

Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pagekit
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-47528 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 4.0
4.6
EPSS
0.4%
CVE-2024-8548 HIGH This Week

The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP Kb Support
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-47534 HIGH PATCH This Week

go-tuf is a Go implementation of The Update Framework (TUF). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-21489 HIGH PATCH This Week

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-42514 HIGH This Week

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micontact Center Business
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-47295 HIGH This Week

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-47560 HIGH This Week

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-25661 HIGH This Week

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Transcend Network Management System
NVD
CVSS 3.1
7.7
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy