Skip to main content
CVE-2024-1832 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Complete File Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1831 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete File Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1830 CRITICAL POC Act Now

A vulnerability was found in code-projects Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1829 CRITICAL POC Act Now

A vulnerability was found in code-projects Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1828 CRITICAL POC Act Now

A vulnerability was found in code-projects Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1827 CRITICAL POC Act Now

A vulnerability was found in code-projects Library System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1783 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-1781 CRITICAL POC THREAT Act Now

A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
14.7%
CVE-2024-27133 CRITICAL POC PATCH Act Now

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mlflow
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-27132 CRITICAL POC PATCH Act Now

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mlflow
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-25469 HIGH POC This Week

SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1786 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 600M Firmware
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-1819 HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-1818 HIGH POC This Week

A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Membership Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-1833 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-1784 MEDIUM POC This Month

A vulnerability classified as problematic was found in Limbas 5.2.14. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi PHP Limbas
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.7%
CVE-2024-1834 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-24681 CRITICAL Act Now

An issue was discovered in Yealink Configuration Encrypt Tool (AES version) and Yealink Configuration Encrypt Tool (RSA version before 1.2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Configuration Encryption Tool
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-22988 CRITICAL Act Now

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Zkbio Wdms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25730 CRITICAL Act Now

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coda 4582U Firmware Coda 4589 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1826 CRITICAL Act Now

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1824 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP House Rental Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1820 CRITICAL Act Now

A vulnerability was found in code-projects Crime Reporting System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Crime Reporting System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1817 CRITICAL Act Now

A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Dm Enterprise Website Building System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25928 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Contact Form 7 Extension For Klaviyo
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-1823 MEDIUM POC This Month

A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Simple Voting System
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-27319 CRITICAL PATCH Act Now

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Onnx Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-24310 HIGH This Week

In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Generate Barcode On Invoice Delivery Slip
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23320 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-1821 HIGH This Week

A vulnerability was found in code-projects Crime Reporting System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Crime Reporting System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-22776 MEDIUM POC This Month

Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wallos
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-26192 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2024-22243 HIGH PATCH This Week

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Redirect
NVD
CVSS 3.1
8.1
EPSS
4.0%
CVE-2024-26599 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in of_pwm_single_xlate() With args->args_count == 2 args->args[2] is not defined. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-26598 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24309 HIGH PATCH This Week

In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Survey Tma
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27318 HIGH PATCH This Week

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Onnx Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-26150 HIGH PATCH This Week

`@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Backstage Backend Common
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1683 HIGH This Week

A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Identity Exposure
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-1776 HIGH This Week

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Admin Side Data Storage For Contact Form 7
NVD VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-26597 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assign a *bigger* maxtype which leads to a global. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qualcomm Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-26594 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If client send invalid mech token in session setup request, ksmbd validate and make the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
78.4%
CVE-2024-26593 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Intel Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-24416 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.7. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal All In One Favicon
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-0563 MEDIUM This Month

Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-1825 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS House Rental Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1822 MEDIUM This Month

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Tourism Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-26596 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-52458 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-26595 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy