Skip to main content
CVE-2024-1698 CRITICAL POC PATCH THREAT Act Now

SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote attackers to append arbitrary SQL queries via the 'type' parameter and exfiltrate sensitive database contents. Publicly available exploit code exists and the EPSS score of 93.74% (100th percentile) indicates very high probability of exploitation attempts in the wild, though the CVE is not currently listed in CISA KEV.

SQLi WordPress Notificationx
NVD VulDB
CVSS 3.1
9.8
EPSS
93.7%
Threat
6.3
CVE-2024-1926 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25400 CRITICAL POC Act Now

Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Subrion
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-1923 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25846 CRITICAL POC Act Now

In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Product Catalog Csv Excel Import
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-25723 HIGH POC PATCH THREAT This Week

{user_name_or_id}/activate REST API endpoint allows access on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Privilege Escalation Zenml
NVD GitHub
CVSS 3.1
8.8
EPSS
70.6%
CVE-2024-0763 HIGH POC PATCH This Week

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Anythingllm
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-22544 HIGH POC This Week

An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection RCE E1700 Firmware
NVD
CVSS 3.1
8.0
EPSS
9.3%
CVE-2024-27508 HIGH POC This Week

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Atheme
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-25398 HIGH POC This Week

In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Srelay
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27507 HIGH POC This Week

libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liblas Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-0759 HIGH POC PATCH This Week

Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Anythingllm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-27356 HIGH POC THREAT This Week

An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware Xe3000 Firmware X3000 Firmware Mt3000 Firmware +22
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
23.9%
CVE-2024-24027 HIGH POC This Week

SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Likeshop
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-24323 HIGH POC This Week

SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Java Litemall
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-0551 HIGH POC PATCH This Week

Enable exports of the database and associated exported information of the system via the default user role. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2024-26542 MEDIUM POC This Month

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bonita Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26143 MEDIUM POC PATCH This Month

Rails is a web-application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Rails
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-1106 MEDIUM POC This Month

The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shariff Wrapper
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22543 MEDIUM POC This Month

An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linksys E1700 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-25841 MEDIUM POC This Month

In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS So Flexibilite
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-27099 CRITICAL PATCH Act Now

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Uamqp
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25843 CRITICAL PATCH Act Now

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Import Update Bulk Product
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1403 CRITICAL Act Now

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openedge
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-1921 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Lightpicture
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1918 CRITICAL Act Now

A vulnerability has been found in Byzoro Smart S42 Management Platform up to 20240219 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Smart S42 Management Platform
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-24095 CRITICAL Act Now

Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Simple Stock System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1922 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1919 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1924 MEDIUM POC This Month

A vulnerability was found in CodeAstro Membership Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-0855 MEDIUM POC This Month

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Spiffy Calendar
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27905 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Information Disclosure Oracle Aurora
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2024-26298 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26297 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26296 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26295 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-26294 HIGH This Week

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-22917 HIGH This Week

SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP RCE Dynamic Lab Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-24100 HIGH This Week

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Computer Book Store
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-1925 HIGH This Week

A vulnerability was found in Ctcms 2.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP File Upload Ctcms
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-1920 HIGH This Week

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Information Disclosure Lightpicture
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-0819 HIGH This Week

Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Remote
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0197 HIGH This Week

A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sentinel Hasp Ldk
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-24096 HIGH This Week

Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Computer Book Store
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-25840 HIGH PATCH This Week

In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Account Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26142 HIGH PATCH This Week

Rails is a web-application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-26301 MEDIUM This Month

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-24721 MEDIUM This Month

An issue was discovered on Innovaphone PBX before 14r1 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Innovaphone Pbx
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1323 MEDIUM PATCH This Month

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Orbit Fox
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-25399 MEDIUM This Month

Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Subrion Cms
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy