Skip to main content
CVE-2024-10629 HIGH Act Now

The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 58.9% and no vendor patch available.

RCE WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
58.9%
CVE-2024-52295 CRITICAL POC PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2024-50854 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50853 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-50852 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-52298 HIGH POC This Week

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Pdf Viewer Macro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52291 HIGH POC PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Path Traversal Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-52293 HIGH POC PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-52292 MEDIUM POC PATCH This Month

Craft is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-10575 CRITICAL PATCH Act Now

the network and potentially impacting connected devices. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Ecostruxure It Gateway
NVD
CVSS 4.0
10.0
EPSS
0.6%
CVE-2024-40404 CRITICAL Act Now

Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43091 CRITICAL PATCH Act Now

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52306 CRITICAL PATCH Act Now

FileManager provides a Backpack admin interface for files and folder. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Filemanager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48510 CRITICAL PATCH Act Now

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Prodotnetzip Dotnetzip Semverd
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-11028 CRITICAL Act Now

The MultiManager WP - Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Multimanager Wp
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-11150 CRITICAL Act Now

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress User Extra Fields
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-10828 CRITICAL Act Now

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress PHP Advanced Order Export For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-10820 CRITICAL Act Now

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload Woocommerce Upload Files
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-21541 MEDIUM POC PATCH This Month

Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Dom Iterator
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2024-11175 MEDIUM POC This Month

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-49505 MEDIUM POC This Month

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mirrorcache
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-8938 CRITICAL Act Now

cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-39712 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39711 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39710 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2024-38656 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-52300 CRITICAL Act Now

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mozilla Pdf Viewer Macro
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-52554 HIGH PATCH This Week

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Shared Library Version Override
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52553 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-52305 MEDIUM POC PATCH This Month

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Unopim
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-50970 HIGH This Week

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online Furniture Shopping Project
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-10800 HIGH This Week

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation User Extra Fields
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-41167 HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel M10Jnp2Sb Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-40885 HIGH This Week

Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-39609 HIGH PATCH This Week

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7).

Authentication Bypass Privilege Escalation Intel Server Board M70Klp2Sb Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-31158 HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-31154 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-9409 HIGH PATCH This Week

unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Powerlogic Pm5341 Firmware Powerlogic Pm5340 Firmware Powerlogic Pm5320 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-39368 HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SQLi Intel
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-24985 HIGH This Week

Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-22185 HIGH This Week

Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-21820 HIGH This Week

Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-21850 HIGH This Week

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-40443 MEDIUM POC This Month

SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Denial Of Service Computer Laboratory Management System
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2024-8937 HIGH This Week

cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the authentication. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-8936 HIGH This Week

after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.5%
CVE-2024-33617 HIGH This Week

Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-31074 HIGH This Week

Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-28885 HIGH This Week

Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-40405 HIGH This Week

Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
8.1
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy