Skip to main content
CVE-2024-1021 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Rebuild
NVD VulDB
CVSS 3.1
9.8
EPSS
34.7%
CVE-2024-24141 CRITICAL POC Act Now

Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi School Task Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-1009 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-23822 CRITICAL POC PATCH Act Now

Thruk is a multibackend monitoring webinterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Upload Thruk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-1001 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-0996 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow I9 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-0995 CRITICAL POC Act Now

A vulnerability was found in Tenda W6 1.0.0.9(4122). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0994 CRITICAL POC Act Now

A vulnerability was found in Tenda W6 1.0.0.9(4122). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0993 CRITICAL POC Act Now

A vulnerability was found in Tenda i6 1.0.0.9(3857). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow I6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0992 CRITICAL POC Act Now

A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow I6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0991 CRITICAL POC Act Now

A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow I6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0990 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow I6 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0986 CRITICAL POC THREAT Act Now

A vulnerability was found in Issabel PBX 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Pbx
NVD VulDB
CVSS 3.1
9.8
EPSS
58.2%
CVE-2024-1011 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Employee Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1003 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1002 HIGH POC This Week

A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1000 HIGH POC This Week

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-0999 HIGH POC This Week

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-0998 HIGH POC This Week

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-0997 HIGH POC This Week

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23940 HIGH POC This Week

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Trend Micro Air Support Antivirus Security Internet Security +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-1017 HIGH POC This Week

A vulnerability was found in Gabriels FTP Server 1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gabriels Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-1016 HIGH POC This Week

A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Solar Ftp Server
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-23747 HIGH POC This Week

The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Modernanet Hospital Management System 2024
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1014 HIGH POC This Week

Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service E Ddc3 3 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24736 HIGH POC This Week

The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ypops
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-24140 HIGH POC This Week

Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Daily Habit Tracker
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-24139 HIGH POC This Week

Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Login System With Email Verification
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-1008 HIGH POC This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Employee Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-1007 HIGH POC This Week

A vulnerability was found in SourceCodester Employee Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-1004 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow N200re Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-1020 MEDIUM POC This Month

A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rebuild
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-24136 MEDIUM POC This Month

The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Math Game
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-1018 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pbootcms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24135 MEDIUM POC This Month

Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Product Inventory With Export To Excel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-23827 CRITICAL PATCH Act Now

Nginx-UI is a web interface to manage Nginx configurations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Nginx Nginx Ui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1015 CRITICAL Act Now

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE E Ddc3 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-23790 CRITICAL Act Now

Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes.0.X through 7.0.48, from 8.0.X through 8.0.37, from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-0989 CRITICAL Act Now

A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Kuerp
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-0988 CRITICAL Act Now

A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Kuerp
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-0987 CRITICAL Act Now

A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kuerp
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-23826 MEDIUM POC PATCH This Month

spbu_se_site is the website of the Department of System Programming of St. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Spbu Se Site
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-23441 MEDIUM POC This Month

Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Vba32
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-1010 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-22559 MEDIUM POC This Month

LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lightcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1022 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Student Result Management System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-24134 MEDIUM POC This Month

Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Food Menu
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2024-23828 HIGH PATCH This Week

Nginx-UI is a web interface to manage Nginx configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Ui
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1005 HIGH This Week

A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Noderp
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-23791 HIGH This Week

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Otrs
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy