Skip to main content
CVE-2024-50492 HIGH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart scottcart allows Code Injection.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.8% and no vendor patch available.

Code Injection RCE
NVD VulDB
CVSS 3.1
8.3
EPSS
56.8%
CVE-2024-50450 HIGH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.3.3.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 52.5% and no vendor patch available.

Code Injection RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
52.5%
CVE-2024-50488 HIGH Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.5% and no vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
38.5%
CVE-2024-48594 HIGH POC Act Now

File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Prison Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2024-48177 HIGH POC This Week

MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mrcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-48826 HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-48825 HIGH POC This Week

Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-10434 HIGH POC This Week

A vulnerability was found in Tenda AC1206 up to 20241027. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-48178 HIGH POC This Week

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Newbee Mall
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-48074 HIGH POC This Week

An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-10455 HIGH POC This Week

Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ud3Tn
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-50408 HIGH This Week

Deserialization of Untrusted Data vulnerability in Bob Namaste!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-50416 HIGH This Week

Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-44122 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-42028 HIGH This Week

A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ubiquiti
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-44270 HIGH This Week

A logic issue was addressed with improved validation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2024-44256 HIGH This Week

The issue was addressed with improved input sanitization. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-50465 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO - Calin Vingan Premium SEO Pack premium-seo-pack allows SQL Injection.6.001. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-50497 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
2.1%
CVE-2024-50457 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons.6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2024-44285 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Use After Free Memory Corruption Information Disclosure Ipados +4
NVD VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2024-50436 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Clean Retina clean-retina.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-50435 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-50434 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-50067 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Memory Corruption Red Hat Debian Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-44255 HIGH This Week

A path handling issue was addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44277 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44126 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44218 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-50453 HIGH This Week

Relative Path Traversal vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclusion.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Elementor
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-44289 HIGH This Week

A privacy issue was addressed with improved private data redaction for log entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-44259 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-44228 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xcode
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44208 HIGH This Week

This issue was addressed through improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44203 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42011 HIGH This Week

The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48196 HIGH This Week

An issue in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eyoucms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45802 HIGH This Week

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Squid
NVD GitHub
CVSS 3.1
7.5
EPSS
45.3%
CVE-2024-50574 HIGH This Week

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-10439 HIGH This Week

The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd Ctms
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-10438 HIGH This Week

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ehrd Ctms
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44258 HIGH This Week

This issue was addressed with improved handling of symlinks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Tvos +1
NVD VulDB
CVSS 3.1
7.1
EPSS
1.7%
CVE-2024-6245 HIGH This Week

Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-9162 HIGH This Week

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE PHP
NVD GitHub
CVSS 3.1
7.2
EPSS
2.7%
CVE-2024-50448 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.14.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-50438 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin church-admin allows Reflected XSS.0.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-44252 HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Tvos +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-44159 HIGH This Week

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-44156 HIGH This Week

A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy