Skip to main content
CVE-2024-53677 CRITICAL PATCH Act Now

File upload logic in Apache Struts is flawed. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian RCE Apache File Upload Struts
NVD
CVSS 4.0
9.5
EPSS
78.2%
CVE-2024-11737 CRITICAL Act Now

confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-28139 HIGH This Week

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53290 HIGH This Week

Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Dell Thinos
NVD
CVSS 3.1
8.4
EPSS
0.8%
CVE-2024-9845 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8496 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11598 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11597 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10251 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47758 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.6
EPSS
0.4%
CVE-2024-47761 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.5
EPSS
0.5%
CVE-2024-47760 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.5
EPSS
0.5%
CVE-2024-48912 HIGH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 4.0
7.2
EPSS
0.4%
CVE-2024-11840 HIGH This Week

The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi WordPress
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-12363 HIGH This Week

Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-53289 HIGH This Week

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Dell Thinos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-53292 MEDIUM This Month

Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-52537 MEDIUM This Month

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Dock Hd22Q Firmware Update Utility Dock Wd19 Firmware Update Utility Dock Wd22Tb4 Firmware Update Utility
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-28141 MEDIUM This Month

The web application is not protected against cross-site request forgery attacks. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-10511 MEDIUM This Month

when someone on the local network repeatedly requests the /accessdenied URL. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
6.3
EPSS
1.0%
CVE-2024-28140 MEDIUM This Month

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12325 MEDIUM This Month

The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-12283 MEDIUM PATCH This Month

The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Pipes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-12004 MEDIUM This Month

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-11351 MEDIUM This Month

The Restrict - membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-12294 MEDIUM This Month

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11008 MEDIUM This Month

The Members - Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11401 MEDIUM This Month

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-50585 MEDIUM This Month

Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-35117 MEDIUM This Month

IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Openpages With Watson
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-54269 MEDIUM This Month

Missing Authorization vulnerability in Ninja Team Notibar notibar allows Exploiting Incorrectly Configured Access Control Security Levels.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-51460 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy