Skip to main content
CVE-2024-48325 HIGH POC This Week

Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi I Educar
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-50340 HIGH POC PATCH THREAT This Week

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
7.3
EPSS
63.4%
CVE-2024-20536 HIGH This Week

A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cisco Nexus Dashboard Fabric Controller
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10826 HIGH This Week

Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8614 HIGH This Week

The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Jobsearch Wp Job Board
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9946 HIGH PATCH This Week

The Social Share, Social Login and Social Comments Plugin - Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Super Socializer
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-10020 HIGH PATCH This Week

The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Social Login
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-34678 HIGH This Week

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20484 HIGH This Week

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Enterprise Chat And Email
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6861 HIGH This Week

A disclosure of sensitive information flaw was found in foreman via the GraphQL API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-10028 HIGH PATCH This Week

The Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Information Disclosure Everest Backup
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34676 HIGH This Week

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-20528 HIGH This Week

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Cisco Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-49401 HIGH This Week

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34679 HIGH This Week

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy