Skip to main content
CVE-2024-37404 HIGH POC PATCH THREAT Act Now

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
8.8
EPSS
67.3%
CVE-2024-10130 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-10123 HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-9593 HIGH POC THREAT This Week

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Time Clock
NVD
CVSS 3.1
8.3
EPSS
12.5%
CVE-2024-48016 HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-10079 HIGH This Week

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP Wp Easy Post Types
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-49361 HIGH This Week

ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
8.1
EPSS
0.7%
CVE-2024-47241 HIGH This Week

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-49243 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP Elementor
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-29821 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-29213 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-4740 HIGH This Week

MXsecurity software versions v1.1.0 and prior are vulnerable because of the use of hard-coded credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Mxsecurity
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-4739 HIGH This Week

The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mxsecurity
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-47487 HIGH This Week

There is a SQL injection vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Hikcentral Professional
NVD
CVSS 4.0
7.2
EPSS
0.4%
CVE-2024-49224 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mahesh_9696 Mitm Bug Tracker mitm-bug-tracker allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-49239 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nikhilvaghela Add Categories Post Footer add-categories-post-footer allows Reflected XSS.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-49238 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emka73 ADIF Log Search Widget adif-log-search-widget allows Reflected XSS.0f. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-49240 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ajberasategui AB Categories Search Widget ab-categories-search-widget allows Reflected XSS.2.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy