Skip to main content
CVE-2024-8326 HIGH This Week

The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12293 HIGH This Week

The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-11999 HIGH This Week

control of the device when an authenticated user installs malicious code into HMI product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-10476 HIGH This Week

Default credentials are used in the above listed BD Diagnostic Solutions products. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-12671 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12670 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12669 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12200 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12199 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-12198 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-12197 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12194 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-12193 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12192 HIGH This Week

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12191 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12179 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12178 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11422 HIGH This Week

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-9624 HIGH This Week

The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-9779 HIGH PATCH This Week

A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-51175 HIGH This Week

An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-51479 HIGH PATCH This Week

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2024-49819 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-36832 HIGH This Week

A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dap 1513 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-12024 HIGH PATCH This Week

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Eventprime
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-49194 HIGH PATCH This Week

Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-38499 HIGH This Week

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy