Skip to main content
CVE-2024-0705 CRITICAL POC PATCH THREAT Act Now

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.7%.

SQLi WordPress Stripe Payment Plugin For Woocommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
19.7%
Threat
4.1
CVE-2024-0738 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mldong
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0735 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0730 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Time Table Generator
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0729 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Foru Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0728 CRITICAL POC Act Now

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Foru Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0712 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.9%
CVE-2023-51947 CRITICAL POC Act Now

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Actinas Sl 2U 8 Rdx Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-23689 HIGH POC PATCH This Week

Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Java Libraries
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22424 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-23683 HIGH POC PATCH This Week

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-23682 HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-23681 HIGH POC PATCH This Week

Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Artemis Java Test Sandbox
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-22956 HIGH POC This Week

swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22955 HIGH POC This Week

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22919 HIGH POC This Week

swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22915 HIGH POC This Week

A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-22913 HIGH POC This Week

A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-22912 HIGH POC This Week

A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-22911 HIGH POC This Week

A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22920 HIGH POC This Week

swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22562 HIGH POC This Week

swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0737 HIGH POC This Week

A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xlight Ftp Server
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
4.2%
CVE-2024-23331 HIGH POC PATCH This Week

Vite is a frontend tooling framework for javascript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Microsoft Vite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-0732 HIGH POC This Week

A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pcman Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-0731 HIGH POC This Week

A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pcman Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-0725 HIGH POC This Week

A vulnerability was found in ProSSHD 1.2 on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Prosshd
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
3.6%
CVE-2024-0723 HIGH POC This Week

A vulnerability was found in freeSSHd 1.0.9 on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Microsoft Freesshd
NVD VulDB Exploit-DB
CVSS 3.1
7.5
EPSS
3.6%
CVE-2024-22422 HIGH POC PATCH This Week

AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-51946 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Actinas Sl 2U 8 Rdx Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0726 MEDIUM POC This Month

A vulnerability was found in Project Worlds Student Project Allocation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Project Allocation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0721 MEDIUM POC This Month

A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jspxcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-0720 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Factoinvestigate
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-23679 CRITICAL PATCH Act Now

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Xp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0739 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Leadshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0734 CRITICAL Act Now

A vulnerability was found in Smsot up to 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Smsot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0733 CRITICAL Act Now

A vulnerability was found in Smsot up to 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Smsot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0714 CRITICAL Act Now

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Phoniebox
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-22957 MEDIUM POC This Month

swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-22914 MEDIUM POC This Month

A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0722 MEDIUM POC This Month

A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Social Networking Site
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0717 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware Dir 841 Firmware Dir 1260 Firmware +41
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
18.2%
CVE-2024-0716 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Byzoro Smart S150 Management Platform V31R02B15. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP Information Disclosure Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-23687 CRITICAL PATCH Act Now

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Java Mod Data Export Spring
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-0718 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zhglxt
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-40700 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP - Membership Management ArcStone wp-amo, Long Watch Studio. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF WordPress Admin Css Mu Amp Toolbox Confirm Data +12
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-23329 LOW POC PATCH Monitor

changedetection.io is an open source tool designed to monitor websites for content changes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Changedetection
NVD GitHub
CVSS 3.1
3.7
EPSS
0.6%
CVE-2024-23684 HIGH PATCH This Week

Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Cbor
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-0736 HIGH This Week

A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Easy File Sharing Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-22563 HIGH This Week

openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openvswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy