Skip to main content
CVE-2024-10629 HIGH Act Now

The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 58.9% and no vendor patch available.

RCE WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
58.9%
CVE-2024-50854 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50853 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-50852 HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-52298 HIGH POC This Week

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Pdf Viewer Macro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52291 HIGH POC PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Path Traversal Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-52293 HIGH POC PATCH This Week

Craft is a content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-52554 HIGH PATCH This Week

Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Shared Library Version Override
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52553 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-50970 HIGH This Week

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online Furniture Shopping Project
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-10800 HIGH This Week

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation User Extra Fields
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-41167 HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel M10Jnp2Sb Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-40885 HIGH This Week

Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-39609 HIGH PATCH This Week

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7).

Authentication Bypass Privilege Escalation Intel Server Board M70Klp2Sb Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-31158 HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-31154 HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-9409 HIGH PATCH This Week

unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Powerlogic Pm5341 Firmware Powerlogic Pm5340 Firmware Powerlogic Pm5320 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-39368 HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SQLi Intel
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-24985 HIGH This Week

Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-22185 HIGH This Week

Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-21820 HIGH This Week

Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-21850 HIGH This Week

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-8937 HIGH This Week

cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in the authentication. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-8936 HIGH This Week

after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.3
EPSS
0.5%
CVE-2024-33617 HIGH This Week

Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-31074 HIGH This Week

Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-28885 HIGH This Week

Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Intel Information Disclosure
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-40405 HIGH This Week

Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Thinfinity Workspace
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-52552 HIGH PATCH This Week

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Authorize Project
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-52551 HIGH PATCH This Week

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Pipeline
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-52550 HIGH PATCH This Week

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Pipeline
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-9413 HIGH This Week

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Scp Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-43089 HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43088 HIGH PATCH This Week

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43087 HIGH PATCH This Week

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43085 HIGH PATCH This Week

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43081 HIGH PATCH This Week

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43080 HIGH PATCH This Week

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40671 HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40661 HIGH PATCH This Week

In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40660 HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34747 HIGH This Week

In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34729 HIGH This Week

In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34719 HIGH PATCH This Week

In multiple locations, there is a possible permissions bypass due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-31337 HIGH This Week

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23715 HIGH This Week

In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-10013 HIGH This Week

In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Ui For Winforms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10012 HIGH This Week

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ui For Wpf
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47574 HIGH This Week

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Fortinet Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-39709 HIGH This Week

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy