Skip to main content
CVE-2020-36836 HIGH POC PATCH THREAT Act Now

Arbitrary file deletion in the WP Fastest Cache WordPress plugin (versions up to and including 0.9.0.2) allows authenticated low-privileged users to remove arbitrary files from the underlying server due to missing capability checks and inadequate path validation. Publicly available exploit code exists, and the EPSS score of 43.15% (97th percentile) indicates a notably elevated exploitation probability relative to the broader CVE population. The flaw is tagged as CSRF (CWE-352), meaning the deletion action can also be triggered via a forged request against an authenticated victim.

WordPress CSRF Wp Fastest Cache
NVD
CVSS 3.1
8.0
EPSS
43.1%
Threat
4.4
CVE-2024-45844 HIGH POC THREAT This Week

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.6
EPSS
10.6%
CVE-2024-46213 HIGH POC This Week

REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-47637 HIGH This Week

Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Path Traversal.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-49226 HIGH This Week

Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.8.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9348 HIGH This Week

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Docker
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-38814 HIGH This Week

An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi VMware RCE Vmware Hcx
NVD
CVSS 3.1
8.8
EPSS
14.7%
CVE-2024-20420 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45711 HIGH This Week

SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Serv U
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2024-45693 HIGH This Week

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache CSRF Information Disclosure Cloudstack
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8746 HIGH This Week

The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload File Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8507 HIGH This Week

The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF File Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-49340 HIGH This Week

IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Watson Studio Local
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-49253 HIGH This Week

Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.5. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-45219 HIGH This Week

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Denial Of Service Cloudstack
NVD
CVSS 3.1
8.5
EPSS
1.2%
CVE-2024-49251 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-20458 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-48029 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
3.3%
CVE-2024-48918 HIGH This Week

RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 4.0
8.1
EPSS
0.4%
CVE-2024-45217 HIGH PATCH This Week

Insecure Default Initialization of Resource vulnerability in Apache Solr. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Solr
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-22030 HIGH PATCH This Week

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-7994 HIGH This Week

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stack Overflow RCE Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7993 HIGH This Week

A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Revit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22029 HIGH This Week

Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45710 HIGH This Week

SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Solarwinds Platform
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49245 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nahimsalami Ahime Image Printer ahime-image-printer.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-8040 HIGH This Week

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-47351 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider maxslider allows Path Traversal.2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-47645 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar - PopUps - by WPOptin wpoptin allows PHP Local File Inclusion.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20459 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-49268 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sunburntkamel disconnected disconnected allows Reflected XSS.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20463 HIGH This Week

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ata 191 Firmware Ata 192 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-22032 HIGH PATCH This Week

A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-45462 HIGH This Week

The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Cloudstack
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy