Skip to main content
CVE-2024-25850 CRITICAL POC THREAT Act Now

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wf2780 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2024-26352 HIGH POC This Week

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26350 HIGH POC This Week

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26483 HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Kirby
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25251 HIGH POC This Week

code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Agro School Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-25851 HIGH POC This Week

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wf2780 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.9%
CVE-2024-26482 HIGH POC This Week

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Kirby
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-25385 MEDIUM POC This Month

An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Flvmeta
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-26152 MEDIUM POC PATCH This Month

XSS CSRF File Upload Label Studio
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2024-26284 MEDIUM POC This Month

Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple XSS Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-26445 MEDIUM POC This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-25876 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25875 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26491 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26489 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26484 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Kirby
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25802 CRITICAL Act Now

SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload S Museum
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25369 MEDIUM POC This Month

A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2allows attackers to run arbitrary code via crafted string after the group_id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Fuel Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-26151 MEDIUM POC PATCH This Month

The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Python Mjml Python
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-25874 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25873 MEDIUM POC This Month

Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Enhavo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26490 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flusity
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-22393 CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Answer
NVD
CVSS 3.1
9.1
EPSS
2.5%
CVE-2024-25828 MEDIUM POC This Month

cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-25753 HIGH This Week

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-25748 HIGH This Week

A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-25746 HIGH This Week

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-1749 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bhojon
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-23094 HIGH This Week

Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26481 MEDIUM POC PATCH This Month

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-1451 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
51.5%
CVE-2024-25021 HIGH This Week

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-26349 MEDIUM POC This Month

flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Flusity
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-1750 HIGH This Week

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Temmokumvc
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-1563 HIGH This Week

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apple Mozilla Firefox Focus
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-0220 HIGH This Week

B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Information Disclosure RCE Automation Studio Technology Guarding
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-25756 HIGH This Week

A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac9 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-26592 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-26589 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26588 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218]. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26283 HIGH This Week

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Mozilla Firefox
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23137 HIGH This Week

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Autocad Architecture Autocad Electrical Autocad Mechanical +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-23136 HIGH This Week

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Autocad Electrical Autocad Mechanical Autocad Mep Autocad Plant 3D +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23135 HIGH This Week

A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23134 HIGH This Week

A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Autocad Autocad Architecture +7
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23133 HIGH This Week

A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23132 HIGH This Week

A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-23131 HIGH This Week

A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Electrical Autocad Mechanical Autocad Mep +6
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23130 HIGH This Week

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-23129 HIGH This Week

A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Autocad Autocad Architecture Autocad Electrical +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy