Skip to main content
CVE-2024-22419 CRITICAL POC PATCH Act Now

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0655 CRITICAL POC Act Now

A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6970 MEDIUM POC PATCH THREAT This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

WordPress XSS Wp Recipe Maker Bootstrap
NVD VulDB
CVSS 3.1
6.1
EPSS
16.4%
CVE-2024-22819 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22818 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22817 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22603 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22699 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-22593 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22592 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22591 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22568 HIGH POC This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-22416 HIGH POC PATCH This Week

pyLoad is a free and open-source Download Manager written in pure Python. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python CSRF Pyload Ng
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0693 HIGH POC This Week

A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Easy File Sharing Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-0651 HIGH POC This Week

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Company Visitor Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-23525 MEDIUM POC This Month

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Spreadsheet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-6816 CRITICAL Act Now

A heap overflow vulnerability exists in X.Org Server and Xwayland where improper memory allocation for logical button mappings allows remote attackers to execute arbitrary code with high privileges. The flaw affects multiple Linux distributions including RHEL 7, Fedora 39, and Debian 10, with a critical CVSS score of 9.8 and an EPSS score of 3.26% (87th percentile), indicating moderate real-world exploitation likelihood. Multiple security advisories have been issued by Red Hat with patches available, though no evidence of active exploitation (not in KEV) or public proof-of-concept exists.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-0696 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atropim
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0650 MEDIUM POC This Month

A vulnerability was found in Project Worlds Visitor Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Visitor Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5806 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Quality Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-22415 CRITICAL PATCH Act Now

jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Language Server Protocol Integration
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22212 CRITICAL PATCH Act Now

Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Nextcloud Global Site Selector
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22418 MEDIUM POC PATCH This Month

Group-Office is an enterprise CRM and groupware tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Microsoft Group Office
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22213 MEDIUM POC PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Deck
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22549 MEDIUM POC This Month

FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flycms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22548 MEDIUM POC This Month

FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flycms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-0695 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Easy Chat Server
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-22317 CRITICAL PATCH Act Now

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Denial Of Service App Connect Enterprise
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-22601 HIGH This Week

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-0652 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Company Visitor Management System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-0654 HIGH This Week

A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0580 HIGH This Week

Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sinergia
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-0669 HIGH PATCH This Week

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-0607 MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-0381 MEDIUM PATCH This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Recipe Maker Bootstrap
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2023-6958 MEDIUM PATCH This Month

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Recipe Maker Bootstrap
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-7153 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS.1.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Macro Bel
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-22400 MEDIUM PATCH This Month

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Nextcloud Open Redirect Sso Saml Authentication
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-22402 MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Guests
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22404 MEDIUM PATCH This Month

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Zipper
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-22401 MEDIUM PATCH This Month

Nextcloud guests app is a utility to create guest users which can only see files shared with them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Guests
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-22403 LOW PATCH Monitor

Nextcloud server is a self hosted personal cloud system. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy