Loading HuntDB...

High-Impact Vulnerabilities

Critical + High Exploit High EPSS

Vulnerabilities that meet all three criteria: Critical/High severity, known exploits, and high probability of exploitation (EPSS ≥ 10%).

CVE-2024-10571 6 months, 2 weeks ago

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CRITICAL (9.8) EPSS: 80.3% 1 exploit
Chartify – WordPress Chart Pl…
CVE-2024-10516 6 months, 2 weeks ago

The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

HIGH (8.1) EPSS: 76.6% 1 exploit
Swift Performance Lite < 2.3.…
CVE-2024-10081 6 months, 2 weeks ago

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints include the ability to add, edit, and remove products, among others. All endpoints, apart from the /Authentication is affected by the vulnerability. This issue affects CodeChecker: through 6.24.1.

CRITICAL (10.0) EPSS: 56.1% 1 exploit
CodeChecker <= 6.24.1 - Authe…
CVE-2024-10400 6 months, 2 weeks ago

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

HIGH (7.5) EPSS: 92.8% 1 exploit
Tutor LMS <= 2.7.6 - SQL Inje…
CVE-2024-36412 6 months, 2 weeks ago

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

CRITICAL (10.0) EPSS: 93.2% 1 exploit
SuiteCRM - SQL Injection
CVE-2024-36404 6 months, 2 weeks ago

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6 contain a fix for this issue. As a workaround, GeoTools can operate with reduced functionality by removing the `gt-complex` jar from one's application. As an example of the impact, application schema `datastore` would not function without the ability to use XPath expressions to query complex content. Alternatively, one may utilize a drop-in replacement GeoTools jar from SourceForge for versions 31.1, 30.3, 30.2, 29.2, 28.2, 27.5, 27.4, 26.7, 26.4, 25.2, and 24.0. These jars are for download only and are not available from maven central, intended to quickly provide a fix to affected applications.

CRITICAL (9.8) EPSS: 85.5% 1 exploit
GeoServer and GeoTools - Remo…
CVE-2024-36117 6 months, 2 weeks ago

Reposilite is an open source, lightweight and easy-to-use repository manager for Maven based artifacts in JVM ecosystem. Reposilite v3.5.10 is affected by an Arbitrary File Read vulnerability via path traversal while serving expanded javadoc files. Reposilite has addressed this issue in version 3.5.12. There are no known workarounds for this vulnerability. This issue was discovered and reported by the GitHub Security lab and is also tracked as GHSL-2024-074.

HIGH (8.6) EPSS: 30.2% 1 exploit
Reposilite >= 3.3.0, < 3.5.12…
CVE-2024-36991 6 months, 2 weeks ago

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

HIGH (7.5) EPSS: 90.8% 1 exploit
Splunk Enterprise - Local Fil…
CVE-2024-36401 6 months, 2 weeks ago

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.

CRITICAL (9.8) EPSS: 94.4% 1 exploit
GeoServer RCE in Evaluating P…
CVE-2024-22320 6 months, 2 weeks ago

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.

CRITICAL (9.8) EPSS: 91.3% 1 exploit
IBM Operational Decision Mana…
CVE-2024-22476 6 months, 2 weeks ago

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

CRITICAL (10.0) EPSS: 28.2% 1 exploit
Intel Neural Compressor <2.5.…
CVE-2024-22120 6 months, 2 weeks ago

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.

CRITICAL (9.1) EPSS: 93.8% 1 exploit
Zabbix Server - Time-Based Bl…
CVE-2024-20419 6 months, 2 weeks ago

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.

CRITICAL (10.0) EPSS: 90.2% 1 exploit
Cisco SSM On-Prem <= 8-202206…
CVE-2024-20767 6 months, 2 weeks ago

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

HIGH (7.4) EPSS: 94.1% 1 exploit
Adobe ColdFusion - Arbitrary …
CVE-2024-48914 6 months, 2 weeks ago

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`.

CRITICAL (9.1) EPSS: 90.9% 1 exploit
Vendure - Arbitrary File Read
CVE-2024-31851 6 months, 2 weeks ago

A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

HIGH (8.6) EPSS: 76.3% 1 exploit
CData Sync < 23.4.8843 - Path…
CVE-2024-31849 6 months, 2 weeks ago

A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

CRITICAL (9.8) EPSS: 90.4% 1 exploit
CData Connect < 23.4.8846 - P…
CVE-2024-31848 6 months, 2 weeks ago

A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

CRITICAL (9.8) EPSS: 92.9% 1 exploit
CData API Server < 23.4.8844 …
CVE-2024-31850 6 months, 2 weeks ago

A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

HIGH (8.6) EPSS: 86.4% 1 exploit
CData Arc < 23.4.8839 - Path …
CVE-2024-38816 6 months, 2 weeks ago

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: * the web application uses RouterFunctions to serve static resources * resource handling is explicitly configured with a FileSystemResource location However, malicious requests are blocked and rejected when any of the following is true: * the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html  is in use * the application runs on Tomcat or Jetty

HIGH (7.5) EPSS: 92.8% 1 exploit
WebMvc.fn/WebFlux.fn - Path T…