Skip to main content
CVE-2024-56058 CRITICAL Emergency

Unsafe PHP object deserialization in the VRPConnector WordPress plugin (versions up to and including 2.0.1) by denniskravetstns enables remote code execution through PHP Object Injection. Remote attackers can submit crafted serialized payloads that, when unserialized, instantiate attacker-controlled objects and trigger magic methods leading to arbitrary code execution; no public exploit identified at time of analysis, but EPSS places this in the 97th percentile (36.92%) indicating elevated exploitation likelihood.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
36.9%
CVE-2024-56145 CRITICAL POC KEV PATCH THREAT Act Now

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Craft Cms
NVD GitHub
CVSS 4.0
9.3
EPSS
97.4%
CVE-2024-56059 CRITICAL Act Now

Prototype pollution in the farinspace Partners WordPress plugin (versions up to and including 0.2.0) enables remote unauthenticated attackers to inject properties into base Object prototypes, leading to object injection and potentially remote code execution. The CVSS 9.8 score combined with a notable EPSS of 26.25% (96th percentile) signals elevated exploitation risk, though no public exploit identified at time of analysis and the issue is not present in CISA KEV.

Code Injection Prototype Pollution
NVD
CVSS 3.1
9.8
EPSS
26.2%
CVE-2024-55461 CRITICAL POC Act Now

SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Seacms
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-42004 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41145 CRITICAL POC Act Now

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41138 CRITICAL POC Act Now

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Teams
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-43106 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Excel
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-42220 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Outlook
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-41165 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Word 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Word
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-39804 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Powerpoint
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-55506 HIGH POC This Week

An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Complaint Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-49576 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-47810 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-55953 HIGH POC PATCH This Week

DataEase is an open source business analytics tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dataease
NVD GitHub
CVSS 4.0
8.6
EPSS
1.1%
CVE-2024-55952 HIGH POC PATCH This Week

DataEase is an open source business analytics tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dataease
NVD GitHub
CVSS 4.0
8.6
EPSS
0.9%
CVE-2024-53580 HIGH POC This Week

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Iperf3 Ontap 9 Hci Compute Node
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-53270 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53269 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-12025 HIGH POC This Week

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-36694 HIGH POC This Week

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Opencart
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-41159 HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Onenote
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-53271 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-54383 CRITICAL Act Now

Privilege escalation in the WooCommerce PDF Vouchers WordPress plugin (wpweb) affects all versions up to and including 4.9.8, allowing remote unauthenticated attackers to gain elevated privileges on affected sites due to incorrect privilege assignment. With a CVSS score of 9.8 and EPSS at the 90th percentile (5.34%), this represents a meaningful threat to WordPress sites running this plugin, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts the full confidentiality, integrity, and availability triad of affected WordPress installations.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2024-56115 MEDIUM POC This Month

A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Amiro Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-55492 MEDIUM POC This Month

Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Winmail Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-56057 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-56052 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-56050 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-47040 CRITICAL Act Now

There is a possible UAF due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-47039 CRITICAL Act Now

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-47038 CRITICAL Act Now

In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-12287 CRITICAL Act Now

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-55239 MEDIUM POC This Month

A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Educar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-55232 MEDIUM POC This Month

An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Online Notes Sharing Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10892 MEDIUM POC This Month

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cost Calculator Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-12373 CRITICAL Act Now

A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-12372 CRITICAL Act Now

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Rockwell
NVD
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-12371 CRITICAL Act Now

A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-4996 CRITICAL Act Now

Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-56054 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-4995 CRITICAL Act Now

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.00.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.1
EPSS
0.9%
CVE-2024-21546 HIGH PATCH This Week

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 4.0
8.9
EPSS
1.3%
CVE-2024-56048 HIGH This Week

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.9.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-56116 HIGH This Week

A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Amiro Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-55505 HIGH This Week

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Complaint Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12695 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-12692 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-52591 HIGH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Misskey
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-52590 HIGH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Misskey
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy