Skip to main content
CVE-2024-21488 CRITICAL POC PATCH Act Now

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Network
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-24333 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-24332 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-24331 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-24330 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-24329 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2024-24328 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2024-24327 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-24326 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-24325 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-24324 CRITICAL POC Act Now

TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A8000Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1061 CRITICAL POC THREAT Act Now

The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Html5 Video Player
NVD
CVSS 3.1
9.8
EPSS
11.2%
CVE-2024-22938 HIGH POC This Week

Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Bosscms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-22523 HIGH POC This Week

Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ifair
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-22894 MEDIUM POC This Month

An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heat Pumps Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-24565 MEDIUM POC PATCH This Month

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cratedb
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2024-0564 MEDIUM POC This Month

A flaw was found in the Linux kernel's memory deduplication mechanism. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-22643 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Seo Panel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-7225 MEDIUM POC PATCH This Month

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Mappress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1036 CRITICAL Act Now

A vulnerability was found in openBI up to 1.0.8 and classified as critical.php of the component Icon Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-21653 CRITICAL PATCH Act Now

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Vantage6
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-1035 CRITICAL Act Now

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1034 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1032 CRITICAL Act Now

A vulnerability classified as critical was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1027 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Facebook News Feed Like
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-23840 MEDIUM POC PATCH This Month

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Goreleaser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-24567 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-22648 MEDIUM POC This Month

A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22647 MEDIUM POC This Month

An user enumeration vulnerability was found in SEO Panel 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-22646 MEDIUM POC This Month

An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seo Panel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-23825 MEDIUM POC PATCH This Month

TablePress is a table plugin for Wordpress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF WordPress Tablepress
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-23647 HIGH PATCH This Week

Authentik is an open-source Identity Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass CSRF Authentik
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-21649 HIGH PATCH This Week

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Vantage6
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-1019 HIGH PATCH This Week

ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-0674 HIGH This Week

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21803 HIGH This Week

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23838 HIGH PATCH This Week

TrueLayer.NET is the .Net client for TrueLayer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Truelayer Net
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1033 HIGH This Week

A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Openbi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-1063 HIGH This Week

Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Appwrite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0676 HIGH This Week

Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version , which allows a local user to interact with the machine where the application is installed, retrieve. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Brute Force Information Disclosure Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-21840 HIGH This Week

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files.0.0 through 04.9.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Storage Plug In
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0675 MEDIUM This Month

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Douro Firmware Douro Ii Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-21388 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2024-23834 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24558 MEDIUM PATCH This Month

TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS React Query Next Experimental
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24556 MEDIUM PATCH This Month

urql is a GraphQL client that exposes a set of helpers for several frameworks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Urql
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23841 MEDIUM PATCH This Month

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js XSS Apollo Client
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1031 MEDIUM This Month

A vulnerability was found in CodeAstro Expense Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Expense Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1029 MEDIUM This Month

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ereserv
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1028 MEDIUM This Month

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Facebook News Feed Like
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy