THREAT ALERT

EMERGENCY CVE-2024-21887 9.1 Ivanti Connect Secure and Policy Secure contain an authenticated command injection in web components allowing administrators to execute arbitrary commands, chained with CVE-2023-46805 for unauthenticated RCE. | ACT NOW CVE-2023-46805 8.2 Ivanti Connect Secure and Policy Secure contain an authentication bypass in the web component allowing unauthenticated access to restricted resources, chained with CVE-2024-21887 for unauthenticated RCE in massive exploitation campaigns starting January 2024. | ACT NOW CVE-2024-21591 9.8 An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%. | ACT NOW CVE-2024-21650 10.0 XWiki Platform prior to specific patched versions contains a CVSS 10.0 remote code execution vulnerability through the user registration form. Attackers inject Groovy code into the first name or last name fields, which is executed server-side when the user profile page is rendered. | ACT NOW CVE-2024-22087 9.8 route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. |

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — January 13, 2024

37 CVEs tracked today. 0 Critical, 4 High, 27 Medium, 6 Low.

CVE-2024-22142 HIGH CVSS 7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.10.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Profile Builder
CVE-2024-0510 HIGH CVSS 7.3
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Yiqiniu
CVE-2024-0480 HIGH CVSS 7.3
A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
CVE-2024-0479 HIGH CVSS 7.3
A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
CVE-2024-22209 MEDIUM CVSS 6.4
Open edX Platform is a service-oriented platform for authoring and delivering online learning. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Edx Platform
CVE-2024-22137 MEDIUM CVSS 6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.0.11. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Constant Contact Forms
CVE-2024-21640 MEDIUM CVSS 5.4
Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications.`CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Google Information Disclosure Chromium Embedded Framework Chrome
CVE-2024-0505 MEDIUM CVSS 5.5
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical.java of the component Upload Material Menu. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Austin
CVE-2024-0502 MEDIUM CVSS 4.7
A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi House Rental Management System
CVE-2024-0498 MEDIUM CVSS 6.3
A vulnerability was found in Project Worlds Lawyer Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Lawyer Management System
CVE-2024-0497 MEDIUM CVSS 6.3
A vulnerability was found in Campcodes Student Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Simple Student Information System
CVE-2024-0496 MEDIUM CVSS 6.3
A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical.php of the component HTTP POST Request Handler. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
CVE-2024-0495 MEDIUM CVSS 6.3
A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
CVE-2024-0494 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
CVE-2024-0493 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
CVE-2024-0492 MEDIUM CVSS 6.3
A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Billing Software
CVE-2024-0491 MEDIUM CVSS 5.3
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Huaxia Erp
CVE-2024-0490 MEDIUM CVSS 5.3
A vulnerability was found in Huaxia ERP up to 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huaxia Erp
CVE-2024-0489 MEDIUM CVSS 6.3
A vulnerability was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0488 MEDIUM CVSS 6.3
A vulnerability was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0487 MEDIUM CVSS 6.3
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0486 MEDIUM CVSS 6.3
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0485 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0484 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0483 MEDIUM CVSS 6.3
A vulnerability classified as critical was found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
CVE-2024-0482 MEDIUM CVSS 6.3
A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
CVE-2024-0481 MEDIUM CVSS 6.3
A vulnerability was found in Taokeyun up to 1.0.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
CVE-2024-0478 MEDIUM CVSS 6.3
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0477 MEDIUM CVSS 6.3
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fighting Cock Information System
CVE-2024-0475 MEDIUM CVSS 6.3
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Dormitory Management System
CVE-2024-0251 MEDIUM CVSS 6.1
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
CVE-2024-0504 LOW CVSS 3.5
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Simple Online Hotel Reservation System
CVE-2024-0503 LOW CVSS 3.5
A vulnerability was found in code-projects Online FIR System 1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Fir System
CVE-2024-0501 LOW CVSS 2.4
A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental Management System
CVE-2024-0500 LOW CVSS 2.4
A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental Management System
CVE-2024-0499 LOW CVSS 2.4
A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0.php. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP House Rental Management System
CVE-2024-0476 LOW CVSS 2.4
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Blood Bank Donor Management System

Today's Vulnerabilities Vulnerabilities