CVSS 8-9

Columns: CVE ID, Description, CVSS, Vendor, Exploit, Patch
CVE-2024-4776 (CVSS 8.2; Vendor: Mozilla; Exploit: -; Patch: Patched)
[Low] A file dialog shown while in full-screen mode could have resulted in the window remaining disabled.

CVE-2024-4771 (CVSS 8.6; Vendor: Mozilla; Exploit: -; Patch: Patched)
[Moderate] A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution.

CVE-2024-4770 (CVSS 8.8; Vendor: Mozilla; Exploit: -; Patch: Patched)
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-47659 (CVSS 8.8; Vendor: Linux; Exploit: -; Patch: Patched)
In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling. Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1) returned packets are incorrectly labeled ('foo' instead of 'bar') 2) 'bar' can write to 'foo' without being authorized to write. Here is a scenario showing how to see this:
* Take two machines, let's call them C and S, with active Smack in the default state (no settings, no rules, no labeled hosts, only builtin labels)
* At S, add Smack rule 'foo bar w' (labels 'foo' and 'bar' are instantiated at S at this moment)
* At S, at label 'bar', launch a program that listens for incoming tcp/ipv4 connections
* From C, at label 'foo', connect to the listener at S. (label 'foo' is instantiated at C at this moment) Connection succeeds and works.
* Send some data in both directions.
* Collect network traffic of this connection.
All packets in both directions are labeled with the CIPSO of the label 'foo'. Hence, label 'bar' writes to 'foo' without being authorized, and even without ever being known at C. If anybody cares: exactly the same happens with DCCP. This behavior 1st manifested in release 2.6.29.4 (see Fixes below) and it looks unintentional. At least, no explanation was provided. I changed returned packets label into the 'bar', to bring it into line with the Smack documentation claims.

CVE-2024-47655 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
This vulnerability exists in the Shilpi Client Dashboard due to improper validation of uploaded files whose extension differs from the specified one. An authenticated remote attacker could exploit this vulnerability by uploading a malicious file, which could lead to remote code execution on the targeted application.

CVE-2024-47652 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
This vulnerability exists in the Shilpi Client Dashboard due to an inadequate authentication mechanism in the login module, wherein access to any user's account is granted with just their corresponding mobile number. A remote attacker could exploit this vulnerability by providing the mobile number of the targeted user to obtain complete access to that user's account.

CVE-2024-4765 (CVSS 8.1; Vendor: Mozilla; Exploit: -; Patch: Patched)
[Moderate] Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary code in another application's context. This issue only affects Firefox for Android. Other versions of Firefox are unaffected.

CVE-2024-47637 (CVSS 8.8; Vendor: Litespeedtech; Exploit: -; Patch: -)
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal. This issue affects LiteSpeed Cache: from n/a through 6.4.1.

CVE-2024-4761 (CVSS 8.8; Vendor: Fedoraproject, et al; Exploit: Exploit; Patch: Patched)
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

CVE-2024-47590 (CVSS 8.8; Vendor: Apache; Exploit: -; Patch: -)
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which, when executed in the victim's browser (XSS) or transmitted to another server (SSRF), gives the attacker the ability to execute arbitrary code on the server, fully compromising confidentiality, integrity and availability.

CVE-2024-4757 (CVSS 8.1; Vendor: Wordpress; Exploit: -; Patch: -)
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

CVE-2024-47562 (CVSS 8.8; Vendor: Siemens; Exploit: -; Patch: -)
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the `ssmctl-client` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.

CVE-2024-47559 (CVSS 8.8; Vendor: Apache, et al; Exploit: -; Patch: Patched)
Authenticated RCE via Path Traversal

CVE-2024-47558 (CVSS 8.8; Vendor: Apache, et al; Exploit: -; Patch: Patched)
Authenticated RCE via Path Traversal

CVE-2024-47555 (CVSS 8.3; Vendor: Adobe; Exploit: -; Patch: -)
Missing Authentication - User & System Configuration

CVE-2024-47490 (CVSS 8.2; Vendor: Juniper; Exploit: -; Patch: -)
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. This issue affects Junos OS Evolved ACX 7000 Series:
* All versions before 21.4R3-S9-EVO,
* 22.2-EVO before 22.2R3-S4-EVO,
* 22.3-EVO before 22.3R3-S3-EVO,
* 22.4-EVO before 22.4R3-S2-EVO,
* 23.2-EVO before 23.2R2-EVO,
* 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.

CVE-2024-4749 (CVSS 8.3; Vendor: Wordpress; Exploit: -; Patch: -)
The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

CVE-2024-47487 (CVSS 8.8; Vendor: Hikvision; Exploit: -; Patch: Patched)
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries.

CVE-2024-4742 (CVSS 8.8; Vendor: Kainelabs, et al; Exploit: -; Patch: -)
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2024-47362 (CVSS 8.8; Vendor: Wpchill; Exploit: -; Patch: -)
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through 3.1.16.

CVE-2024-47361 (CVSS 8.8; Vendor: Wpvibes, et al; Exploit: -; Patch: -)
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Addon Elements: from n/a through 1.13.6.

CVE-2024-47330 (CVSS 8.8; Vendor: Supsystic; Exploit: -; Patch: -)
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

CVE-2024-47325 (CVSS 8.8; Vendor: Themeisle; Exploit: -; Patch: -)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.

CVE-2024-47323 (CVSS 8.1; Vendor: Exthemes, et al; Exploit: -; Patch: -)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.

CVE-2024-47319 (CVSS 8; Vendor: Bitapps; Exploit: -; Patch: -)
Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Code Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.10.

CVE-2024-47318 (CVSS 8.8; Vendor: Wordpress, et al; Exploit: -; Patch: -)
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PWA for WP & AMP: from n/a through 1.7.72.

CVE-2024-47317 (CVSS 8.8; Vendor: Wpquads, et al; Exploit: -; Patch: -)
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.

CVE-2024-47315 (CVSS 8.8; Vendor: Givewp; Exploit: -; Patch: -)
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.15.1.

CVE-2024-47314 (CVSS 8.8; Vendor: Sunshinephotocart; Exploit: -; Patch: -)
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.8.

CVE-2024-47312 (CVSS 8.5; Vendor: Wpgrim; Exploit: -; Patch: -)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPGrim Classic Editor and Classic Widgets allows SQL Injection. This issue affects Classic Editor and Classic Widgets: from n/a through 1.4.1.

CVE-2024-47305 (CVSS 8.8; Vendor: Dineshkarki, et al; Exploit: -; Patch: -)
Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery. This issue affects Use Any Font: from n/a through 6.3.08.

CVE-2024-47304 (CVSS 8.5; Vendor: Wpmanageninja; Exploit: -; Patch: -)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support allows SQL Injection. This issue affects Fluent Support: from n/a through 1.8.0.

CVE-2024-47295 (CVSS 8.1; Vendor: Epson; Exploit: -; Patch: -)
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the information provided by the vendor under [References].

CVE-2024-47210 (CVSS 8.8; Vendor: Gladysassistant; Exploit: -; Patch: -)
Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js.

CVE-2024-47183 (CVSS 8.1; Vendor: Parseplatform; Exploit: -; Patch: Patched)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.

CVE-2024-47180 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are vulnerable to a remote execution vulnerability via the JSONPath library used by the Dynamic JSON/Toml/Yaml badges. This vulnerability would allow any user who can make a request to a URL on the instance to execute code by crafting a malicious JSONPath expression. All users who self-host an instance are vulnerable. This problem was fixed in server-2024-09-25. Those who follow the tagged releases should update to `server-2024-09-25` or later. Those who follow the rolling tag on DockerHub should run `docker pull shieldsio/shields:next` to update to the latest version. As a workaround, blocking access to the endpoints `/badge/dynamic/json`, `/badge/dynamic/toml`, and `/badge/dynamic/yaml` (e.g. via a firewall or reverse proxy in front of your instance) would prevent the exploitable endpoints from being accessed.

CVE-2024-47179 (CVSS 8.8; Vendor: Rsshub; Exploit: -; Patch: -)
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users of RSSHub are not vulnerable to this issue, and commit 64e00e7 fixed the underlying issue and made the repository no longer vulnerable. The `docker-test-cont.yml` workflow gets triggered when the `PR - Docker build test` workflow completes successfully. It then collects some information about the Pull Request that triggered the triggering workflow and sets some labels depending on the PR body and sender. If the PR also contains a `routes` markdown block, it will set the `TEST_CONTINUE` environment variable to `true`. The workflow then downloads and extracts an artifact uploaded by the triggering workflow which is expected to contain a single `rsshub.tar.zst` file. However, prior to commit 64e00e7, it did not validate the artifact, and its contents were extracted in the root of the workspace, overriding any existing files. Since the contents of the artifact were not validated, it was possible for a malicious actor to send a Pull Request which uploads not just the `rsshub.tar.zst` compressed docker image, but also a malicious `package.json` file with a script to run arbitrary code in the context of the privileged workflow. As of commit 64e00e7, this scenario has been addressed and the RSSHub repository is no longer vulnerable.

CVE-2024-47175 (CVSS 8.6; Vendor: -; Exploit: -; Patch: Patched)
A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way. The ppdCreatePPDFromIPP2 function in libppd doesn't properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UDP or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.

CVE-2024-47169 (CVSS 8.8; Vendor: -; Exploit: -; Patch: Patched)
A vulnerability has been discovered in Agnai that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats.
This does not affect:
* agnai.chat
* installations using S3-compatible storage
* self-hosting that is not publicly exposed
This DOES affect:
* publicly hosted installs without S3-compatible storage

CVE-2024-47126 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.

CVE-2024-47084 (CVSS 8.3; Vendor: Gradio project; Exploit: -; Patch: Patched)
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to CORS origin validation, where the Gradio server fails to validate the request origin when a cookie is present. This allows an attacker's website to make unauthorized requests to a local Gradio server. Potentially, attackers can upload files, steal authentication tokens, and access user data if the victim visits a malicious website while logged into Gradio. This impacts users who have deployed Gradio locally and use basic authentication. Users are advised to upgrade to `gradio>4.44` to address this issue. As a workaround, users can manually enforce stricter CORS origin validation by modifying the `CustomCORSMiddleware` class in their local Gradio server code. Specifically, they can bypass the condition that skips CORS validation for requests containing cookies to prevent potential exploitation.

CVE-2024-47082 (CVSS 8; Vendor: Graphql; Exploit: -; Patch: Patched)
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to cross-site request forgery (CSRF) attacks if users did not explicitly enable a CSRF-preventing security mechanism for their servers. Additionally, the Django HTTP view integration, in particular, had an exemption from Django's built-in CSRF protection (i.e., the `CsrfViewMiddleware` middleware) by default. In effect, all Strawberry integrations were vulnerable to CSRF attacks by default. Version `v0.243.0` is the first `strawberry-graphql` release including a patch.

CVE-2024-47076 (CVSS 8.6; Vendor: Ubuntu; Exploit: Exploit; Patch: Patched)
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker-controlled data being provided to the rest of the CUPS system.

CVE-2024-47066 (CVSS 8.8; Vendor: Lobehub; Exploit: Exploit; Patch: Patched)
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.

CVE-2024-47061 (CVSS 8.3; Vendor: -; Exploit: -; Patch: Patched)
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop. It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document). Note that the risk of information exposure via attributes is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties. All Plate editors using an affected version of @udecode/plate-core are vulnerable to these information exposure attacks via the style attribute and other attributes that can cause web requests to be sent. In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using attributes depends on a number of factors. The most likely DOM attributes to be vulnerable are href and src on links and iframes respectively. Any component that spreads {...nodeProps} onto an <a> or <iframe> element and does not later override href or src will be vulnerable to XSS. In patched versions of Plate, we have disabled element.attributes and leaf.attributes for most attribute names by default, with some exceptions including target, alt, width, height, colspan and rowspan on the link, image, video, table cell and table header cell plugins. If this is a breaking change for you, you can selectively re-enable attributes for certain plugins as follows.
Please carefully research and assess the security implications of any attribute you allow, as even seemingly innocuous attributes such as style can be used maliciously. If you are unable to upgrade to any of the patched versions, you should use a tool like patch-package or yarn patch to remove the logic from @udecode/plate-core that adds attributes to nodeProps.

CVE-2024-47049 (CVSS 8.2; Vendor: Czim; Exploit: -; Patch: Patched)
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

CVE-2024-47023 (CVSS 8.1; Vendor: Adobe, et al; Exploit: -; Patch: Patched)
There is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-47014 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.

CVE-2024-47005 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but are insufficiently restricted. A non-administrative user may execute some configuration APIs.

CVE-2024-47001 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
Hidden functionality issue in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

CVE-2024-46966 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.

CVE-2024-46964 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.

CVE-2024-46963 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component.

CVE-2024-46961 (CVSS 8.1; Vendor: -; Exploit: -; Patch: -)
The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component.

CVE-2024-46960 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component.

CVE-2024-4690 (CVSS 8; Vendor: Microfocus, et al; Exploit: -; Patch: Patched)
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

CVE-2024-46892 (CVSS 8.1; Vendor: Siemens; Exploit: -; Patch: Patched)
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.

CVE-2024-4680 (CVSS 8.8; Vendor: Zenml; Exploit: Exploit; Patch: Patched)
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.

CVE-2024-4670 (CVSS 8.8; Vendor: Wordpress, et al; Exploit: -; Patch: -)
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.

CVE-2024-46658 (CVSS 8; Vendor: Octobercms; Exploit: -; Patch: -)
Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability.

CVE-2024-46626 (CVSS 8.8; Vendor: Os4ed; Exploit: -; Patch: -)
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.

CVE-2024-4662 (CVSS 8.8; Vendor: Wordpress; Exploit: -; Patch: -)
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges.

CVE-2024-46539 (CVSS 8.2; Vendor: -; Exploit: -; Patch: -)
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).

CVE-2024-46489 (CVSS 8.8; Vendor: -; Exploit: Exploit; Patch: Patched)
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.

CVE-2024-46486 (CVSS 8; Vendor: Tp-link; Exploit: -; Patch: -)
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.

CVE-2024-46482 (CVSS 8.2; Vendor: Ladybirdweb; Exploit: -; Patch: -)
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file.

CVE-2024-46472 (CVSS 8.6; Vendor: Codeastro; Exploit: -; Patch: -)
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.

CVE-2024-46461 (CVSS 8; Vendor: Videolan; Exploit: -; Patch: -)
VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges.

CVE-2024-46441 (CVSS 8.8; Vendor: -; Exploit: -; Patch: -)
An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked.

CVE-2024-4640 (CVSS 8.2; Vendor: Moxa; Exploit: -; Patch: Patched)
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.

CVE-2024-46394 (CVSS 8.8; Vendor: Frogcms project; Exploit: Exploit; Patch: -)
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add.

CVE-2024-4639 (CVSS 8.8; Vendor: Moxa; Exploit: -; Patch: Patched)
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

CVE-2024-4638 (CVSS 8.8; Vendor: Moxa; Exploit: -; Patch: Patched)
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.

CVE-2024-46373 (CVSS 8.8; Vendor: Dedecms; Exploit: -; Patch: -)
Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.

CVE-2024-46366 (CVSS 8.8; Vendor: Webkul; Exploit: -; Patch: -)
A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system.

CVE-2024-46362 (CVSS 8.8; Vendor: Frogcms project; Exploit: -; Patch: -)
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory.

CVE-2024-46329 (CVSS 8; Vendor: Vonets; Exploit: -; Patch: -)
VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the SystemCommand object.

CVE-2024-46328: VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different privileged accounts, including root.
CVSS 8 | Vendor: Vonets | Exploit: - | Patch: -

CVE-2024-46316: DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP message.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-46313: TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.
CVSS 8 | Vendor: Tp-link | Exploit: - | Patch: -

CVE-2024-46280: PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
CVSS 8.8 | Vendor: Pix-link | Exploit: - | Patch: -

CVE-2024-46278: Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
CVSS 8.4 | Vendor: Sismics | Exploit: - | Patch: -

CVE-2024-4611: The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.
CVSS 8.1 | Vendor: Apppresser, et al | Exploit: - | Patch: -

CVE-2024-46097: TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.
CVSS 8.1 | Vendor: Testlink | Exploit: - | Patch: -

CVE-2024-46086: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123.
CVSS 8.8 | Vendor: Frogcms project | Exploit: Exploit | Patch: -

CVE-2024-46085: FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename.
CVSS 8.8 | Vendor: Frogcms project | Exploit: - | Patch: -

CVE-2024-46084: Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
CVSS 8 | Vendor: Scriptcase | Exploit: - | Patch: -

CVE-2024-46080: Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
CVSS 8 | Vendor: Scriptcase | Exploit: - | Patch: -

CVE-2024-4605: The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via the UI. As a result they can escalate their privileges or execute arbitrary code.
CVSS 8.8 | Vendor: Wordpress, et al | Exploit: - | Patch: -

CVE-2024-46041: IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
CVSS 8.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-45982: A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8 | Vendor: Apache | Exploit: - | Patch: -

CVE-2024-45981: A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
CVSS 8.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-45980: A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-45979: A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
CVSS 8.8 | Vendor: - | Exploit: - | Patch: -

CVE-2024-45893: DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `setSWMOption`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-45891: DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `delete_wlan_profile`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-45890: DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `download_ovpn`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-45889: DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `commandTable`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-45888: DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `set_ap_map_config`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -

CVE-2024-45887: DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi` is set to `doOpenVPN`.
CVSS 8 | Vendor: Draytek | Exploit: - | Patch: -
