Skip to main content
CVE-2024-54385 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in princeahmed Radio Player radio-player allows Server Side Request Forgery.0.83. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

SSRF
NVD
CVSS 3.1
7.2
EPSS
83.7%
Threat
5.5
CVE-2024-54363 CRITICAL Emergency

Privilege escalation in the Wp NssUser Register WordPress plugin (versions through 1.0.0) by saiful.total allows remote unauthenticated attackers to gain elevated privileges due to incorrect privilege assignment. With a CVSS of 9.8 and an EPSS of 31.93% (97th percentile), this represents elevated exploitation likelihood relative to most CVEs, though no public exploit identified at time of analysis. The flaw permits full compromise of confidentiality, integrity, and availability of affected WordPress installations.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
31.9%
CVE-2024-55976 CRITICAL Act Now

SQL injection in the Critical Site Intel WordPress plugin (mikeleembruggen, versions through 1.0) allows remote unauthenticated attackers to manipulate backend database queries via the critical-site-intel-stats functionality, leading to data disclosure and limited availability impact with scope change to the underlying WordPress database. The vulnerability carries a CVSS 9.3 (Critical) rating and an EPSS score of 29.74% (97th percentile), placing it well above typical baseline exploitation likelihood, though no public exploit identified at time of analysis.

Intel SQLi
NVD
CVSS 3.1
9.3
EPSS
29.7%
CVE-2024-55988 CRITICAL Act Now

Unauthenticated blind SQL injection in the Navayan CSV Export WordPress plugin (versions through 1.0.9) allows remote attackers to inject arbitrary SQL into backend queries without any user interaction. With a CVSS of 9.3 and EPSS of 26.63% (96th percentile), the issue carries elevated exploitation probability, though no public exploit identified at time of analysis and it is not listed in CISA KEV.

SQLi
NVD
CVSS 3.1
9.3
EPSS
26.6%
CVE-2024-55982 CRITICAL Act Now

Blind SQL injection in the WordPress 'Share Buttons - Social Media' plugin (rich-web-share-button) by richteam through version 1.0.2 allows remote unauthenticated attackers to extract database contents via crafted requests. With a CVSS 9.3 (changed scope) and EPSS at the 96th percentile (26.03%), this represents a high-priority WordPress ecosystem risk despite no public exploit being identified at the time of analysis.

SQLi
NVD
CVSS 3.1
9.3
EPSS
26.0%
CVE-2024-29671 CRITICAL POC THREAT Act Now

Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
20.9%
CVE-2024-55981 CRITICAL Act Now

SQL injection in Nabajit Roy's Nabz Image Gallery WordPress plugin (versions up to and including v1.00) allows remote unauthenticated attackers to inject arbitrary SQL into backend database queries. The flaw carries a critical CVSS 9.3 score with a scope-changed impact and an elevated EPSS exploitation probability of 20.15% (95th percentile), indicating notable likelihood of exploitation attempts, though no public exploit identified at time of analysis and not listed in CISA KEV.

SQLi
NVD
CVSS 3.1
9.3
EPSS
20.1%
CVE-2024-54369 CRITICAL Act Now

Missing authorization in ThemeHunk's Zita Site Builder WordPress plugin (versions through 1.0.2) allows remote unauthenticated attackers to invoke functionality that should be restricted by ACLs, leading to high integrity and availability impact. No public exploit identified at time of analysis, but the EPSS score of 19.29% (95th percentile) signals elevated likelihood of exploitation activity relative to most CVEs. The flaw is network-reachable with low attack complexity and no user interaction required, making it attractive for opportunistic mass-scanning against WordPress sites.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
19.3%
CVE-2024-53376 HIGH POC THREAT This Week

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cyberpanel
NVD GitHub
CVSS 3.1
8.8
EPSS
11.0%
CVE-2024-52949 HIGH POC This Week

iptraf-ng 1.2.1 has a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Iptraf Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-55104 HIGH POC This Week

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-55103 HIGH POC This Week

Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Nurse Hiring System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-55972 CRITICAL Act Now

SQL injection in the chriscarvache eTemplates WordPress plugin (versions through 0.2.1) allows remote unauthenticated attackers to inject arbitrary SQL commands against the backing database. With CVSS 9.3 and a scope-changed impact (confidentiality high, availability low), successful exploitation can expose sensitive data stored beyond the plugin's own boundary. EPSS sits at 8.33% (92nd percentile), indicating meaningfully elevated exploitation probability, though no public exploit is identified at time of analysis.

SQLi
NVD
CVSS 3.1
9.3
EPSS
8.3%
CVE-2024-12662 MEDIUM POC This Month

A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12661 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-12660 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12659 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12658 MEDIUM POC This Month

A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic.sys of the component IOCTL Handler. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12657 MEDIUM POC This Month

A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Advanced Systemcare Ultimate
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-12656 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12655 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.5%
CVE-2024-12654 MEDIUM POC This Month

A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-12653 MEDIUM POC This Month

A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Usb Over Network
NVD VulDB
CVSS 4.0
6.8
EPSS
0.4%
CVE-2024-54374 HIGH Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.3% and no vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
16.3%
CVE-2024-55980 CRITICAL Act Now

SQL injection in the robindkumar Wr Age Verification WordPress plugin (versions up to and including 2.0.0) allows remote unauthenticated attackers to inject crafted SQL into backend queries, exposing database contents with a scope change that extends impact beyond the plugin itself. The flaw carries a CVSS 9.3 (Critical) and an EPSS of 4.91% (90th percentile), indicating meaningfully elevated exploitation likelihood relative to the broader CVE population, though no public exploit identified at time of analysis.

SQLi
NVD
CVSS 3.1
9.3
EPSS
4.9%
CVE-2024-55978 CRITICAL Act Now

Unauthenticated SQL injection in WalletStation Code Generator Pro (versions up to and including 1.2) allows remote attackers to inject arbitrary SQL into backend queries over the network without user interaction. The flaw carries a CVSS 9.3 with scope change and high confidentiality impact, and EPSS places it in the 90th percentile (4.91%) for exploitation likelihood, though no public exploit identified at time of analysis. Reported by Patchstack, the issue is tagged as SQLi and corresponds to CWE-89.

SQLi
NVD
CVSS 3.1
9.3
EPSS
4.9%
CVE-2024-54370 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-54367 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-56012 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-43234 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.4.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54229 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.0.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-55085 CRITICAL Act Now

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Getsimple Cms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-55557 CRITICAL Act Now

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-10095 CRITICAL Act Now

In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ui For Wpf
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-54368 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in rubengarzajr GitSync git-sync allows Code Injection.1.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-54372 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify insertify allows Code Injection.1.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-12641 CRITICAL Act Now

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js XSS CSRF Tenderdoctransfer
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2024-55452 MEDIUM POC This Month

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Ujcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11841 MEDIUM POC This Month

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tithe Ly Giving Button
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-54361 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-55977 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.app. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-54280 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit wpbookit allows SQL Injection.6.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-35230 MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Geoserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-55949 CRITICAL PATCH Act Now

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-12665 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12664 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-49775 CRITICAL Act Now

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 4.0
9.3
EPSS
1.5%
CVE-2024-5333 MEDIUM POC This Month

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure The Events Calendar
NVD WPScan
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-8650 MEDIUM POC This Month

An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8116 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy