Skip to main content
CVE-2024-48192 HIGH POC This Week

Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda G3 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-5429 HIGH POC This Week

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Slider
NVD WPScan
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-10100 HIGH POC This Week

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gpt Academic
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-9347 MEDIUM POC PATCH This Month

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Wp Extended
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2024-10073 MEDIUM POC PATCH This Month

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection RCE Flair
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.5%
CVE-2024-49314 CRITICAL Act Now

Unrestricted file upload in JiangQie Free Mini Program (versions up to and including 2.5.2) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. The CVSS 10.0 score with scope-changed impact reflects critical severity, though no public exploit is identified at time of analysis and EPSS of 0.89% places exploitation probability in the 75th percentile - elevated but not yet indicative of mass exploitation.

File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-49291 CRITICAL Act Now

Remote code execution in Gora Tech's Cooked Pro plugin (a premium WordPress recipe plugin) is possible through an unrestricted file upload flaw affecting all versions up through and including those below 1.8.0. The maximum CVSS score of 10.0 reflects network-reachable, unauthenticated exploitation with scope change, enabling attackers to upload arbitrary file types - typically webshells - and achieve full server compromise. No public exploit identified at time of analysis, and the EPSS probability of 0.82% (74th percentile) suggests the issue has not yet seen widespread automated exploitation despite its critical severity.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-10099 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Comfyui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-9863 CRITICAL Act Now

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49318 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-49217 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-49322 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-43566 CRITICAL Act Now

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Google Microsoft Edge Chromium
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-49400 CRITICAL Act Now

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-9263 CRITICAL Act Now

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9862 CRITICAL PATCH Act Now

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Otp Verification With Firebase
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-27766 MEDIUM POC This Month

An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE MariaDB
NVD GitHub
CVSS 3.1
5.7
EPSS
1.2%
CVE-2024-10101 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gpt Academic
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2024-9898 MEDIUM POC PATCH This Month

The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Parallax Image
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49305 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD VulDB
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-49246 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-10072 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10071 MEDIUM POC This Month

A vulnerability classified as critical was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10070 MEDIUM POC This Month

A vulnerability classified as critical has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10069 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-49397 CRITICAL Act Now

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 4.0
9.2
EPSS
0.4%
CVE-2024-48920 CRITICAL Act Now

PutongOJ is online judging software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-10025 CRITICAL Act Now

A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-49219 HIGH This Week

Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-43596 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Google Memory Corruption Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-43595 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Google RCE Microsoft Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-49398 HIGH This Week

The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-9215 HIGH This Week

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45766 HIGH This Week

Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Dell Openmanage Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-48924 HIGH PATCH This Week

Deserialization Denial Of Service
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-49399 HIGH This Week

The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-49396 HIGH This Week

The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-49315 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.0.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2024-47304 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.8.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-49297 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.7.9.7. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-47312 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-49244 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-10093 HIGH This Week

A vulnerability, which was classified as critical, was found in VSO ConvertXtoDvd 7.0.0.83. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Convertxtodvd
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-10068 HIGH This Week

A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-49317 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-43579 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Google Buffer Overflow Microsoft RCE +1
NVD
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-43578 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Google Buffer Overflow Microsoft RCE +1
NVD
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-43587 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Google Buffer Overflow Microsoft RCE +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-33453 HIGH This Week

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Esp Idf
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-9861 HIGH PATCH This Week

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass WordPress Otp Verification With Firebase
NVD
CVSS 3.1
8.1
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy