Skip to main content
CVE-2024-54330 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in hurraki Hurrakify hurrakify allows Server Side Request Forgery.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.1%.

SSRF
NVD
CVSS 3.1
7.2
EPSS
63.1%
Threat
4.8
CVE-2024-54262 CRITICAL Emergency

Arbitrary file upload in the Import Export For WooCommerce WordPress plugin (versions through 1.6.2) by sidngr allows authenticated low-privileged users to upload web shells, leading to full server compromise with a CVSS of 9.9 and changed scope. EPSS places this in the 98th percentile (~48% exploitation probability), indicating significant attacker interest, though no public exploit identified at time of analysis. CISA KEV does not list this CVE.

File Upload WordPress
NVD
CVSS 3.1
9.9
EPSS
48.4%
CVE-2024-55956 CRITICAL POC KEV THREAT Emergency

In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harmony Lexicom Vltrader
NVD
CVSS 3.1
9.8
EPSS
93.8%
CVE-2024-10783 HIGH POC THREAT Act Now

The MainWP Child - Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 23.2%.

Authentication Bypass Privilege Escalation WordPress
NVD
CVSS 3.1
8.1
EPSS
23.2%
CVE-2024-55889 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
2.2%
CVE-2024-54239 CRITICAL Act Now

Privilege escalation in the dugudlabs Eyewear Prescription Form WordPress plugin (versions up to and including 4.0.18) allows remote unauthenticated attackers to perform unauthorized actions by exploiting missing authorization checks. The CVSS 9.8 score with network attack vector and no privileges required indicates trivial exploitation against any WordPress site running this plugin, and the EPSS score of 3.05% (87th percentile) suggests elevated exploitation probability though no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-54261 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-54292 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.1.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
3.9%
CVE-2024-21577 CRITICAL Act Now

ComfyUI-Ace-Nodes is vulnerable to Code Injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.6%
CVE-2024-21576 CRITICAL Act Now

ComfyUI-Bmad-Nodes is vulnerable to Code Injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-54273 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.0.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54293 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54296 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54295 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.7.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54297 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54294 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-28980 CRITICAL Act Now

Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48007 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38488 CRITICAL Act Now

Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-9290 CRITICAL Act Now

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-12603 CRITICAL Act Now

A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54139 CRITICAL Act Now

Combodo iTop is an open source and web-based IT service management platform. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Itop
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-11986 CRITICAL Act Now

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-10678 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54234 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2022-46838 CRITICAL Act Now

Missing Authorization vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.7.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-52057 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.0.0 before 7.3.0, from 6.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connext Professional
NVD
CVSS 4.0
9.1
EPSS
0.4%
CVE-2023-33996 HIGH This Week

Missing Authorization vulnerability in CleanTalk Inc Spam protection, AntiSpam, FireWall by CleanTalk cleantalk-spam-protect allows Exploiting Incorrectly Configured Access Control Security Levels.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-11834 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Plextrac
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-11833 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Plextrac
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-54248 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.8.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-54336 HIGH This Week

Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-22461 HIGH This Week

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Command Injection Dell Recoverpoint For Virtual Machines
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-12581 MEDIUM POC This Month

The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenberg Blocks With Ai
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-10939 MEDIUM POC This Month

The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-55946 HIGH This Week

Playloom Engine is an open-source, high-performance game development engine. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-55661 HIGH POC PATCH THREAT This Week

Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Pulse
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
28.6%
CVE-2024-55887 HIGH PATCH This Week

Ucum-java is a FHIR Java library providing UCUM Services. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-52058 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.0.0 before 7.3.0.2,. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Connext Professional
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-11839 HIGH This Week

Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-11838 HIGH This Week

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-11837 HIGH This Week

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-11836 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.61.3 before 2.8.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plextrac
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-54258 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection.3.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-54304 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.1.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-9508 HIGH This Week

Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12212 HIGH This Week

The vulnerability occurs in the parsing of CSP files. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2023-38385 HIGH This Week

Missing Authorization vulnerability in artbees JupiterX Core jupiterx-core allows Exploiting Incorrectly Configured Access Control Security Levels.0.0-3.3.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-52066 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.4.0 before 7.5.0, from 7.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.3%
CVE-2024-52063 HIGH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.0.0 before. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Connext Professional
NVD
CVSS 4.0
8.3
EPSS
0.3%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy