Skip to main content
CVE-2024-55506 HIGH POC This Week

An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Complaint Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-49576 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-47810 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Buffer Overflow Memory Corruption Pdf Editor +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-55953 HIGH POC PATCH This Week

DataEase is an open source business analytics tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Dataease
NVD GitHub
CVSS 4.0
8.6
EPSS
1.1%
CVE-2024-55952 HIGH POC PATCH This Week

DataEase is an open source business analytics tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dataease
NVD GitHub
CVSS 4.0
8.6
EPSS
0.9%
CVE-2024-53580 HIGH POC This Week

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Iperf3 Ontap 9 Hci Compute Node
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-53270 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53269 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-12025 HIGH POC This Week

The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-36694 HIGH POC This Week

OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Opencart
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-41159 HIGH POC This Week

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Onenote
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-53271 HIGH POC PATCH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-21546 HIGH PATCH This Week

Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 4.0
8.9
EPSS
1.3%
CVE-2024-56048 HIGH This Week

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.9.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-56116 HIGH This Week

A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Amiro Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-55505 HIGH This Week

An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP RCE Complaint Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12695 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-12692 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2024-52591 HIGH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Misskey
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-52590 HIGH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Misskey
NVD GitHub
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-55088 HIGH This Week

GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF CSRF Getsimple Cms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-12259 HIGH This Week

The CRM WordPress Plugin - RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39703 HIGH This Week

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-1610 HIGH This Week

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-54270 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axeptio Axeptio axeptio-sdk-integration allows PHP Local File Inclusion.5.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2024-56051 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.9.9.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-56055 HIGH This Week

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.9.9.5.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-56047 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.9.9.5.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-56049 HIGH This Week

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.9.9.5.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-55985 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ydesignservices YDS Support Ticket System yds-support-ticket-system allows SQL Injection.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-55984 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System saksh-escrow-system allows SQL Injection.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-55975 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate dr-affiliate allows SQL Injection.2.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-55983 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection.0.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-12741 HIGH This Week

A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 4.0
8.4
EPSS
4.2%
CVE-2024-56174 HIGH This Week

In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Configured Commerce
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-12432 HIGH This Week

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-47480 HIGH This Week

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Dell Inventory Collector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21547 HIGH PATCH This Week

Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
7.7
EPSS
0.9%
CVE-2024-56053 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.9.9.5.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-49202 HIGH This Week

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-56008 HIGH This Week

Missing Authorization vulnerability in spreadr Spreadr Woocommerce spreadr-for-woocomerce allows Accessing Functionality Not Properly Constrained by ACLs.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-56319 HIGH This Week

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-56318 HIGH This Week

In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-56317 HIGH This Week

In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47119 HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-11912 HIGH This Week

The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47397 HIGH This Week

Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4464 HIGH This Week

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Synology Media Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-49363 HIGH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-11614 HIGH This Week

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure
NVD
CVSS 3.0
7.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy