Skip to main content
CVE-2024-0705 CRITICAL POC PATCH THREAT Act Now

The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.7%.

SQLi WordPress Stripe Payment Plugin For Woocommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
19.7%
Threat
4.1
CVE-2024-0738 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mldong
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0735 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0730 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Time Table Generator
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0729 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Foru Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-0728 CRITICAL POC Act Now

A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Foru Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0712 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.9%
CVE-2023-51947 CRITICAL POC Act Now

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Actinas Sl 2U 8 Rdx Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-23679 CRITICAL PATCH Act Now

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Xp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0739 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Leadshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0734 CRITICAL Act Now

A vulnerability was found in Smsot up to 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Smsot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0733 CRITICAL Act Now

A vulnerability was found in Smsot up to 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Smsot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-0714 CRITICAL Act Now

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Phoniebox
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-23687 CRITICAL PATCH Act Now

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Java Mod Data Export Spring
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy