Skip to main content
CVE-2024-11622 HIGH This Week

An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Insight Remote Support
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-8237 HIGH This Week

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8177 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11828 HIGH This Week

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11669 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11702 HIGH This Week

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-51569 HIGH PATCH This Week

Out-of-bounds Read vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Apache Information Disclosure Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-47257 HIGH This Week

Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36254 HIGH This Week

Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-36251 HIGH This Week

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2024-10781 HIGH PATCH This Week

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE WordPress Spam Protection Antispam Firewall
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2024-10570 HIGH This Week

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-10542 HIGH PATCH This Week

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass RCE WordPress Anti Spam
NVD
CVSS 3.1
7.5
EPSS
15.2%
CVE-2024-8676 HIGH PATCH This Week

A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Checkpoint
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-36249 HIGH This Week

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-9461 HIGH This Week

The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Command Injection Total Upkeep
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50369 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50368 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50367 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50366 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50365 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50364 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50363 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50362 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50361 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-50360 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50359 HIGH This Week

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-50358 HIGH This Week

A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eki 6333Ac 1Gpo Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 2G Firmware
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-9504 HIGH This Week

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-49597 HIGH This Week

Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Wyse Management Suite
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-11407 MEDIUM PATCH This Month

There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable.

Denial Of Service Grpc
NVD GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11708 MEDIUM This Month

Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-11706 MEDIUM This Month

A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-50377 MEDIUM This Month

A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<=. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Eki 6333Ac 2G Firmware Eki 6333Ac 2Gd Firmware Eki 6333Ac 1Gpo Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-10857 MEDIUM PATCH This Month

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Path Traversal Product Input Fields For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-49596 MEDIUM This Month

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-38832 MEDIUM This Month

VMware Aria Operations contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11192 MEDIUM This Month

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11119 MEDIUM This Month

The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-11091 MEDIUM This Month

The Support SVG - Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-53844 MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Docker
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-47248 MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Nimble
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-6749 MEDIUM This Month

Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-11002 MEDIUM PATCH This Month

The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Inpost Gallery
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-51058 MEDIUM PATCH This Month

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Path Traversal Information Disclosure Tcpdf
NVD GitHub
CVSS 3.1
6.2
EPSS
0.8%
CVE-2024-10878 MEDIUM PATCH This Month

The Sugar Calendar - Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Sugar Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11032 MEDIUM This Month

The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-11202 MEDIUM This Month

Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-11418 MEDIUM This Month

The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-11342 MEDIUM This Month

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy