Skip to main content
CVE-2024-22916 CRITICAL POC Act Now

In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0200 CRITICAL POC THREAT Act Now

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Enterprise Server
NVD GitHub
CVSS 3.1
9.8
EPSS
71.7%
CVE-2024-22409 HIGH POC PATCH This Week

DataHub is an open-source metadata platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Datahub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0553 HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-51810 HIGH POC This Week

SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Easydiscuss
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-22628 HIGH POC This Week

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Budget And Expense Tracker System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-22627 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-22626 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-22625 HIGH POC This Week

Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Supplier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-0601 MEDIUM POC This Month

A vulnerability was found in ZhongFuCheng3y Austin 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Austin
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0239 MEDIUM POC This Month

The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form 7 Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0187 MEDIUM POC This Month

The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Peepso
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22406 CRITICAL PATCH Act Now

Shopware is an open headless commerce platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Shopware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0603 CRITICAL Act Now

A vulnerability classified as critical has been found in ZhiCms up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Zhicms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-0578 CRITICAL Act Now

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0577 CRITICAL Act Now

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0576 CRITICAL Act Now

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0575 CRITICAL Act Now

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0574 CRITICAL Act Now

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0573 CRITICAL Act Now

A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0572 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-0571 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-0232 MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Sqlite Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-22411 MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-22191 MEDIUM POC PATCH This Month

Avo is a framework to create admin panels for Ruby on Rails apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-0599 MEDIUM POC This Month

A vulnerability was found in Jspxcms 10.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Jspxcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22491 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Beetl Bbs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0235 MEDIUM POC THREAT This Month

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Eventon
NVD WPScan
CVSS 3.1
5.3
EPSS
38.0%
CVE-2024-0569 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure T8 Firmware
NVD VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2024-0517 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
21.7%
CVE-2024-0507 HIGH This Week

An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
65.8%
CVE-2024-21673 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-21672 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-20916 HIGH PATCH This Week

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Rated high severity (CVSS 8.3), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Oracle Enterprise Manager
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-22408 HIGH This Week

Shopware is an open headless commerce platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Shopware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-21670 HIGH This Week

Ursa is a cryptographic library for use with blockchains. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ursa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-0555 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wic1200 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-23347 HIGH This Week

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Meta Spark Studio
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0582 HIGH PATCH This Week

A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
12.8%
CVE-2024-22428 HIGH This Week

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Dell Emc Idrac Service Module
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20924 HIGH PATCH This Week

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Hashicorp Information Disclosure Oracle Audit Vault And Database Firewall
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-21674 HIGH This Week

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-22362 HIGH This Week

Drupal contains a vulnerability with improper handling of structural elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Drupal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-0570 MEDIUM This Month

A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass N350Rt Firmware
NVD VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-22407 MEDIUM PATCH This Month

Shopware is an open headless commerce platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-22192 MEDIUM PATCH This Month

Ursa is a cryptographic library for use with blockchains. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ursa
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-20985 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20977 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-20975 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-20973 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy