Skip to main content
CVE-2024-49668 CRITICAL Emergency

Remote code execution in the Verbalize WP WordPress plugin (versions through 1.0) allows unauthenticated attackers to upload arbitrary files, including web shells, to the target web server. With a maximum CVSS score of 10.0 and an EPSS probability of 58.95% (98th percentile), this represents a critical, easily exploitable flaw, though no public exploit was identified at time of analysis and the CVE is not currently listed in CISA KEV.

File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
59.0%
CVE-2024-49653 CRITICAL Emergency

Arbitrary web shell upload in james-eggers Portfolleo WordPress plugin (versions through 1.2) allows authenticated remote attackers to upload dangerous file types and achieve remote code execution on the underlying web server. CVSS 9.9 with scope change indicates the compromise extends beyond the plugin context to the hosting environment. EPSS of 58.97% (98th percentile) signals elevated exploitation probability, though no public exploit was identified and KEV does not list this CVE.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
59.0%
CVE-2024-47575 CRITICAL POC KEV THREAT Emergency

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
9.8
EPSS
94.8%
CVE-2024-49652 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server.0.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-49658 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-47901 CRITICAL Act Now

A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Intermesh 7177 Hybrid 2 0 Subscriber Intermesh 7707 Fire Subscriber Firmware
NVD
CVSS 4.0
10.0
EPSS
1.2%
CVE-2024-49671 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images - AI Postpix ai-postpix allows Upload a Web Shell to a Web. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-49669 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-20424 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Secure Firewall Management Center
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-20329 CRITICAL Act Now

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-43924 CRITICAL Act Now

Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Responsive Lightbox
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9947 CRITICAL Act Now

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Profilepress
NVD
CVSS 3.1
9.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy