Skip to main content
CVE-2024-46084 HIGH POC This Week

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46080 HIGH POC This Week

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Scriptcase
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-46276 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46274 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46267 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46264 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46263 HIGH POC This Week

cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46261 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-46259 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-46258 HIGH POC This Week

cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Cute Png
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-7434 HIGH This Week

The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Ultrapress
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-9400 HIGH This Week

A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-9396 HIGH This Week

It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-25632 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-9018 HIGH This Week

The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Easy Gallery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7433 HIGH This Week

The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Empowerment
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7432 HIGH This Week

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Unseen Blog
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8548 HIGH This Week

The KB Support - WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP Kb Support
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-47534 HIGH PATCH This Week

go-tuf is a Go implementation of The Update Framework (TUF). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure
NVD GitHub
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-21489 HIGH PATCH This Week

Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-42514 HIGH This Week

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Micontact Center Business
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-47295 HIGH This Week

Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-47560 HIGH This Week

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-25661 HIGH This Week

In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Transcend Network Management System
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2024-9399 HIGH This Week

A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9394 HIGH This Week

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9393 HIGH This Week

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30132 HIGH This Week

HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nomad Server On Domino
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-9403 HIGH This Week

Memory safety bugs present in Firefox 130. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-25659 HIGH This Week

In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Transcend Network Management System
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-7869 HIGH This Week

The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-41673 HIGH PATCH This Week

Decidim is a participatory democracy framework. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-9145 HIGH This Week

Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-8981 HIGH This Week

The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy