Skip to main content
CVE-2024-24300 CRITICAL POC Act Now

4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eap 767 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25223 CRITICAL POC Act Now

Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Admin Panel
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25222 CRITICAL POC Act Now

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Task Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25220 CRITICAL POC Act Now

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Task Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25217 CRITICAL POC Act Now

Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Medicine Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25216 CRITICAL POC Act Now

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25215 CRITICAL POC Act Now

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25214 CRITICAL POC Act Now

An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Employee Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25211 CRITICAL POC Act Now

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Expense Tracker App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25210 CRITICAL POC Act Now

Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Expense Tracker App
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25209 CRITICAL POC Act Now

Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Barangay Population Monitoring System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-24301 HIGH POC This Week

Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Eap 767 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-25165 HIGH POC This Week

A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-25618 HIGH POC PATCH This Week

Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Microsoft Mastodon
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-25301 HIGH POC This Week

Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-25213 HIGH POC This Week

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-25212 HIGH POC This Week

Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-25221 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25219 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25218 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Task Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6441 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi University Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-24691 CRITICAL Act Now

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-25225 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Admin Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25224 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Admin Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25208 MEDIUM POC This Month

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Barangay Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25207 MEDIUM POC This Month

Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Barangay Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-23786 CRITICAL Act Now

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
9.3
EPSS
0.8%
CVE-2024-0008 HIGH This Week

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paloalto Pan Os
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0568 HIGH This Week

CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rmnf22Tb30 Firmware Renf22R2Mmw Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23789 HIGH This Week

Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-23783 HIGH This Week

Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-22093 HIGH This Week

When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
8.7
EPSS
0.8%
CVE-2024-1485 HIGH PATCH This Week

A flaw was found in the decompression function of registry-support. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Registry Support Openshift Openshift Developer Tools And Services
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-23788 HIGH This Week

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SSRF Jh Rvb1 Firmware Jh Rv11 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-24697 HIGH This Week

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25617 HIGH PATCH This Week

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Bluexp
NVD GitHub
CVSS 3.1
7.5
EPSS
88.9%
CVE-2024-24990 HIGH This Week

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Nginx Memory Corruption Nginx Open Source +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-24989 HIGH This Week

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Nginx Denial Of Service Nginx Open Source Nginx Plus
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-24775 HIGH This Week

When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23982 HIGH This Week

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Big Ip Policy Enforcement Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23979 HIGH This Week

When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23805 HIGH This Week

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23314 HIGH This Week

When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23308 HIGH This Week

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21849 HIGH This Week

When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21789 HIGH This Week

When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21771 HIGH This Week

For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21763 HIGH This Week

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-1367 HIGH This Week

A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Security Center
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2024-22389 HIGH This Week

When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Iq Centralized Management Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 3.1
7.2
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy