Skip to main content
CVE-2024-24563 CRITICAL POC PATCH Act Now

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vyper
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-24188 CRITICAL POC Act Now

Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jsish
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24186 CRITICAL POC Act Now

Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jsish
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-24004 CRITICAL POC Act Now

jshERP v3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24002 CRITICAL POC Act Now

jshERP v3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24001 CRITICAL POC Act Now

jshERP v3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jsherp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24824 HIGH POC PATCH THREAT This Week

Graylog is a free and open log management platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Information Disclosure Graylog
NVD GitHub
CVSS 3.1
8.8
EPSS
34.5%
CVE-2024-25201 HIGH POC This Week

Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Espruino
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25200 HIGH POC This Week

Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Espruino
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-24131 MEDIUM POC This Month

SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24130 MEDIUM POC This Month

Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2World Webmail
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1269 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Product Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-1266 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS University Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24811 CRITICAL PATCH Act Now

SQLAlchemyDA is a generic database adapter for ZSQL methods. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sqlalchemyda
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-24189 CRITICAL Act Now

Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Jsish
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24133 CRITICAL Act Now

Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Atmail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24303 CRITICAL Act Now

SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Gift Wrapping Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1268 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Restaurant Pos System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24019 CRITICAL Act Now

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1264 CRITICAL Act Now

A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Jpshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-24822 CRITICAL PATCH Act Now

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Admin Classic Bundle
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-1118 HIGH PATCH This Week

The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Podlove Subscribe Button
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20254 HIGH This Week

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-20252 HIGH This Week

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-22022 HIGH This Week

Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Recovery Orchestrator
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-1265 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS University Management System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-22012 HIGH This Week

there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-24810 HIGH PATCH This Week

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Wix Toolset
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23448 HIGH PATCH This Week

An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-24311 HIGH PATCH This Week

Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Multilingual And Multistore Sitemap Pro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-24304 HIGH PATCH This Week

In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mailjet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-20255 HIGH This Week

A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Expressway
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-1066 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25143 MEDIUM PATCH This Month

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-23447 MEDIUM This Month

An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Network Drive Connector
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-23446 MEDIUM This Month

An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Kibana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0971 MEDIUM This Month

A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-0256 MEDIUM PATCH This Month

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Starbox
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-1037 MEDIUM PATCH This Month

The All-In-One Security (AIOS) - Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress All In One Security
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24816 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2024-24815 MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-1267 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Restaurant Pos System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24771 MEDIUM This Month

Open Forms allows users create and publish smart forms. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Open Forms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-24488 MEDIUM This Month

An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Tenda Cp3 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-23769 MEDIUM This Month

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Microsoft Magician
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-1055 MEDIUM PATCH This Month

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Powerpack Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-24706 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm.7.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Cfm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1079 MEDIUM PATCH This Month

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz Maker
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-25145 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Dxp Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-24812 MEDIUM This Month

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Python Frappe
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy