Skip to main content
CVE-2024-56064 CRITICAL Emergency

Unrestricted file upload in azzaroco's WP SuperBackup WordPress plugin (versions through 2.3.3) enables remote unauthenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The maximum CVSS score of 10.0 combined with an EPSS score of 55.52% (98th percentile) indicates very high exploitation probability, though no public exploit was identified at time of analysis and the issue is not yet listed in CISA KEV.

File Upload
NVD
CVSS 3.1
10.0
EPSS
55.5%
CVE-2024-56067 HIGH Act Now

Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 62.3% and no vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
62.3%
CVE-2024-11972 CRITICAL POC THREAT Act Now

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Hunk Companion
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
54.8%
CVE-2024-13067 MEDIUM POC This Month

A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical.php of the component All Users Page. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-56046 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-56071 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-56044 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-56043 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56040 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.9.9.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56220 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56205 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56066 CRITICAL Act Now

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-13061 CRITICAL Act Now

The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-12108 CRITICAL Act Now

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Whatsup Gold
NVD
CVSS 3.1
9.6
EPSS
6.8%
CVE-2024-56042 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.9.9.5.3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-56045 CRITICAL Act Now

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.9.9.5. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-56039 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.9.9.7.7. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-13079 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Land Record System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13078 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13077 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13076 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-13075 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Land Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-56198 CRITICAL PATCH Act Now

path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-13072 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-13070 MEDIUM POC This Month

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-13069 MEDIUM POC This Month

A vulnerability was found in SourceCodester Multi Role Login System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Multi Role Login System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-56211 HIGH This Week

Missing Authorization vulnerability in DeluxeThemes Userpro userpro.1.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-56204 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56061 HIGH This Week

Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.8119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56207 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce - eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56203 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56206 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass CSRF
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-52047 HIGH This Week

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-25133 HIGH This Week

A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-13040 HIGH This Week

The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-12839 HIGH This Week

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12838 HIGH This Week

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-56802 HIGH This Week

Tapir is a private Terraform registry. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-56041 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.9.9.5.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-56212 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro userpro.1.9. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-56214 HIGH This Week

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.1.9. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-53647 HIGH This Week

Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Denial Of Service Id Security
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-56230 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maidul Dynamic Product Category Grid, Slider for WooCommerce. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-55917 HIGH This Week

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-55632 HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-55631 HIGH This Week

An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-52050 HIGH This Week

A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-52049 HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-52048 HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45497 HIGH This Week

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
CVSS 3.1
7.6
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy