Skip to main content
CVE-2024-52475 CRITICAL Act Now

Authentication bypass in the Wawp automation-web-platform plugin (versions up to and including 3.0.18) allows remote unauthenticated attackers to circumvent authentication via an alternate path or channel and gain unauthorized access to protected functionality. With a CVSS of 9.8 and an EPSS of 23.59% (96th percentile), the flaw poses elevated exploitation interest, though no public exploit identified at time of analysis. The vulnerability is not currently listed in CISA KEV.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
23.6%
CVE-2024-11960 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.7%
CVE-2024-11959 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.7%
CVE-2024-11970 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Concert Ticket Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11967 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management system 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-11966 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11965 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11964 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaint Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11962 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Car Rental System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-11961 MEDIUM POC This Month

A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Jeewms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-52490 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-8672 CRITICAL Act Now

The Widget Options - The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE
NVD
CVSS 3.1
9.9
EPSS
43.8%
CVE-2024-11082 CRITICAL Act Now

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD GitHub
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-52338 CRITICAL PATCH Act Now

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Apache Python Arrow
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-11103 CRITICAL PATCH Act Now

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Contest Gallery
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-11925 CRITICAL Act Now

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-10896 MEDIUM POC This Month

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Command Injection Logo Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10493 MEDIUM POC This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Element Pack
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-10473 MEDIUM POC This Month

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Logo Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-52474 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express Payments Module express-pay allows Blind SQL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2024-11971 MEDIUM POC This Month

A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jpress
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11968 MEDIUM POC This Month

A vulnerability was found in code-projects Farmacia up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11963 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive Hotel Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11969 HIGH This Week

The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-8066 HIGH PATCH This Week

The File Manager Pro - Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Filester
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-36466 HIGH This Week

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-10510 MEDIUM POC This Month

The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Adbuddy Adblocker Detection
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-52495 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Distance Based Shipping Calculator distance-based-shipping-calculator allows. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-9852 HIGH This Week

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-8299 HIGH This Week

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Hyper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-38658 HIGH This Week

There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38389 HIGH This Week

There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38309 HIGH This Week

There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11933 HIGH This Week

Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11803 HIGH This Week

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11802 HIGH This Week

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11801 HIGH This Week

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11800 HIGH This Week

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11799 HIGH This Week

Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Tellus Lite V Simulator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11798 HIGH This Week

Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11797 HIGH This Week

Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11796 HIGH This Week

Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11795 HIGH This Week

Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11794 HIGH This Week

Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11793 HIGH This Week

Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11792 HIGH This Week

Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11791 HIGH This Week

Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11790 HIGH This Week

Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11789 HIGH This Week

Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11787 HIGH This Week

Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy