Skip to main content
CVE-2024-49668 CRITICAL Emergency

Remote code execution in the Verbalize WP WordPress plugin (versions through 1.0) allows unauthenticated attackers to upload arbitrary files, including web shells, to the target web server. With a maximum CVSS score of 10.0 and an EPSS probability of 58.95% (98th percentile), this represents a critical, easily exploitable flaw, though no public exploit was identified at time of analysis and the CVE is not currently listed in CISA KEV.

File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
59.0%
CVE-2024-49653 CRITICAL Emergency

Arbitrary web shell upload in james-eggers Portfolleo WordPress plugin (versions through 1.2) allows authenticated remote attackers to upload dangerous file types and achieve remote code execution on the underlying web server. CVSS 9.9 with scope change indicates the compromise extends beyond the plugin context to the hosting environment. EPSS of 58.97% (98th percentile) signals elevated exploitation probability, though no public exploit was identified and KEV does not list this CVE.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
59.0%
CVE-2024-47575 CRITICAL POC KEV THREAT Emergency

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
9.8
EPSS
94.8%
CVE-2024-49370 HIGH POC This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pimcore
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-49652 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.0.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-49658 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-47901 CRITICAL Act Now

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
10.0
EPSS
1.2%
CVE-2024-49671 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images - AI Postpix ai-postpix allows Upload a Web Shell to a Web. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-49669 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-20424 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-50383 MEDIUM POC PATCH This Month

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 (used in Chacha-Poly1305 and x25519). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Botan
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-50382 MEDIUM POC PATCH This Month

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Botan
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-20329 CRITICAL Act Now

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-43924 CRITICAL Act Now

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Responsive Lightbox
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9947 CRITICAL Act Now

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Profilepress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-10279 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10278 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10277 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10276 MEDIUM POC This Month

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sentry
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-49675 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii iBryl Switch User ibryl-switch-user allows Authentication Bypass.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-40431 HIGH This Week

A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-10283 HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-10282 HIGH This Week

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-10281 HIGH This Week

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-20495 HIGH This Week

A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20494 HIGH This Week

A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20426 HIGH This Week

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol for VPN termination of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Microsoft Adaptive Security Appliance Software +1
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20402 HIGH This Week

A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20342 HIGH This Week

Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Snort Firepower Threat Defense Software
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-20260 HIGH This Week

A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-47904 HIGH This Week

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-20412 HIGH This Week

A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-49690 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-49701 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Mags mags.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-49657 HIGH This Week

Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.0.3. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-20408 HIGH This Week

A vulnerability in the Dynamic Access Policies (DAP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-20268 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-48964 HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-48963 HIGH PATCH This Week

The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Snyk Cli
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-20351 HIGH This Week

A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20339 HIGH This Week

A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service Firepower Threat Defense Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20330 HIGH This Week

A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-49684 HIGH This Week

Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.22.21. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-20374 HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Secure Firewall Management Center
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-9927 HIGH This Week

The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Woocommerce Order Proposal
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-10280 HIGH This Week

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Tenda Denial Of Service Ac15 Firmware Ac7 Firmware +8
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-50066 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-47903 MEDIUM This Month

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-47902 MEDIUM This Month

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-10290 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zzcms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy