Skip to main content
CVE-2024-51248 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51247 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51245 HIGH POC This Week

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51244 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10662 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-10661 HIGH POC This Week

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-49770 HIGH POC This Week

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal
NVD GitHub
CVSS 4.0
7.7
EPSS
0.7%
CVE-2024-22733 HIGH POC This Week

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mr200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48270 HIGH POC This Week

An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oasys
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27524 HIGH POC PATCH This Week

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-0105 HIGH This Week

NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
8.9
EPSS
0.3%
CVE-2024-51492 HIGH This Week

Zusam is a free and open-source way to self-host private forums. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-48217 HIGH This Week

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-41744 HIGH This Week

IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43982 HIGH This Week

Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.4.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Login As Users
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43981 HIGH This Week

Missing Authorization vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.3.70. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Geodirectory
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43968 HIGH This Week

Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Newspack
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43962 HIGH This Week

Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Affiliation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43928 HIGH This Week

Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jobsearch Wp Job Board
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43925 HIGH This Week

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.8.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Envira Gallery
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43355 HIGH This Week

Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomsport
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43343 HIGH This Week

Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.3.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Order Tracking
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43332 HIGH This Week

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43314 HIGH This Week

Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.3.9.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Asset Cleanup
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43312 HIGH This Week

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.1.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpc Frequently Bought Together For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43310 HIGH This Week

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.4.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Print Labels With Barcodes
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43302 HIGH This Week

Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.7.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fonts
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43298 HIGH This Week

Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clone
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43297 HIGH This Week

Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clone
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43296 HIGH This Week

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.5.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Html5 Video Player
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43293 HIGH This Week

Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Recipe Card Blocks For Gutenberg Elementor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43223 HIGH This Week

Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.0.3.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Eventprime
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43162 HIGH This Week

Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.2.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easy Digital Downloads
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43142 HIGH This Week

Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.7.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39635 HIGH This Week

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.2.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Youzify
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38707 HIGH This Week

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Embedpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37517 HIGH This Week

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.13.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Spectra
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37453 HIGH This Week

Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.8.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37232 HIGH This Week

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0106 HIGH This Week

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nvidia Denial Of Service
NVD
CVSS 3.1
8.7
EPSS
0.2%
CVE-2024-37423 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal.0.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-38744 HIGH This Week

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-37106 HIGH This Week

Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels.26.6. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-9191 HIGH This Week

The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Verify
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43158 HIGH This Week

Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.11.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-37108 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WishList Products WishList Member X allows Path Traversal.26.6. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.6%
CVE-2024-47939 HIGH This Week

Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.0
7.7
EPSS
0.7%
CVE-2024-48352 HIGH This Week

Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48353 HIGH This Week

Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yealink Meeting Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40490 HIGH This Week

An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy