Skip to main content
CVE-2024-25316 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25315 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25314 CRITICAL POC Act Now

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25307 CRITICAL POC Act Now

Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cinema Seat Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25302 CRITICAL POC Act Now

Sourcecodester Event Student Attendance System 1.0, allows SQL Injection via the 'student' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Event Student Attendance System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21762 CRITICAL POC KEV THREAT Act Now

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fortinet Memory Corruption Fortiproxy Fortios
NVD
CVSS 3.1
9.8
EPSS
83.4%
CVE-2024-25450 HIGH POC This Week

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25448 HIGH POC This Week

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25447 HIGH POC This Week

An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imlib2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25318 HIGH POC This Week

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25310 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25313 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-25312 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25309 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25308 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25306 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25305 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-25304 HIGH POC This Week

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24820 HIGH POC This Week

Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Icinga
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-25446 HIGH POC This Week

An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25445 HIGH POC This Week

Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hugin
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25443 HIGH POC This Week

An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25442 HIGH POC This Week

An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Hugin
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23749 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
4.7%
CVE-2024-25004 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2024-25003 HIGH POC This Week

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Kitty
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2024-25451 MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25675 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25674 CRITICAL PATCH Act Now

An issue was discovered in MISP before 2.4.184. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6677 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection.1.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Collection
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-25678 CRITICAL PATCH Act Now

In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Lsquic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-24308 CRITICAL PATCH Act Now

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Boostmyshop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1353 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Phpems
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25454 MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25453 MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25452 MEDIUM POC This Month

Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22318 MEDIUM POC This Month

IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Information Disclosure Microsoft I Access Client Solutions
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-22119 MEDIUM POC This Month

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-6724 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.0, for Android. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Authentication Bypass Google Hearing Tracking System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-25677 HIGH This Week

In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Min
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-24819 HIGH PATCH This Week

icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Icingaweb2 Module Incubator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-24828 HIGH This Week

pkg is tool design to bundle Node.js projects into an executables. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Node.js Pkg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23639 HIGH PATCH This Week

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Micronaut
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0842 HIGH PATCH This Week

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service WordPress PHP Backuply
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23327 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23325 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23324 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-23322 HIGH PATCH This Week

Envoy is a high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-1404 HIGH This Week

A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linksys Information Disclosure Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-24825 HIGH PATCH This Week

DIRAC is a distributed resource framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Dirac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy