Skip to main content
CVE-2024-9796 CRITICAL POC Act Now

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Advanced Search
NVD WPScan
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-9487 CRITICAL POC THREAT Act Now

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Denial Of Service Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
22.4%
CVE-2024-47636 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9201 CRITICAL Act Now

The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Seur
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45115 CRITICAL Act Now

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9518 CRITICAL Act Now

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Userplus
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48949 CRITICAL PATCH Act Now

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy