Skip to main content
CVE-2024-25422 CRITICAL POC Act Now

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25350 CRITICAL POC Act Now

SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Zoo Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25169 CRITICAL POC Act Now

An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mezzanine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-25867 CRITICAL POC Act Now

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-25170 CRITICAL POC Act Now

An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mezzanine
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-25869 HIGH POC THREAT This Week

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Membership Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
18.7%
CVE-2024-25866 HIGH POC This Week

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-22983 HIGH POC This Week

SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Visitor Management System
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-24148 HIGH POC This Week

A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26342 HIGH POC This Week

A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service 4G Ac68U Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-27515 HIGH POC This Week

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Osclass
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-22532 MEDIUM POC This Month

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Microsoft Nconvert
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-0550 MEDIUM POC PATCH This Month

A user who is privileged already `manager` or `admin` can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-1892 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Scrapy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25868 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-27285 MEDIUM POC PATCH This Month

YARD is a Ruby Documentation tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Yard Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-25202 MEDIUM POC This Month

Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE User Registration Login And User Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-1514 CRITICAL PATCH Act Now

The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Wp Ecommerce
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25910 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Moveto
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-1972 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Portal
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25927 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash - custom post order.2.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Postmash
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-26559 MEDIUM POC This Month

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uverif
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-22723 MEDIUM POC This Month

Webtrees 2.1.18 is vulnerable to Directory Traversal. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Webtrees
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-0786 HIGH PATCH This Week

The Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Google SQLi WordPress Conversios Io
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23910 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gs2 B Firmware Wrc 1167Gs2H B Firmware Wrc 1167Gst2 Firmware Wrc 2533Gs2 B Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-1932 MEDIUM POC This Month

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Freescout
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-24868 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.69. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sp Project Document Manager
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2020-36785 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-25351 LOW POC Monitor

SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zoo Management System
NVD GitHub
CVSS 3.1
3.8
EPSS
0.4%
CVE-2024-1847 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Solidworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25902 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.7.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Malware Scanner
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-26476 LOW POC Monitor

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Openemr
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-25859 HIGH This Week

A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Path Traversal Blesta
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-25579 MEDIUM This Month

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2024-1566 MEDIUM This Month

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Redirects
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1860 MEDIUM PATCH This Month

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Anti Hacker
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51681 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator - WordPress Migration & Backup Plugin.5.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-24779 MEDIUM PATCH This Month

Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-24773 MEDIUM PATCH This Month

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-1632 MEDIUM This Month

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sitefinity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-22459 MEDIUM This Month

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Elastic Cloud Storage
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27913 MEDIUM PATCH This Month

ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1791 MEDIUM This Month

The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Codemirror Blocks
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1808 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1568 MEDIUM PATCH This Month

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Seraphinite Accelerator
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1954 MEDIUM PATCH This Month

The Oliver POS - A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP WordPress CSRF Oliver Pos
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-25435 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Md1Patient
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27103 MEDIUM PATCH This Month

Querybook is a Big Data Querying UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Querybook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-47002 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null pointer dereference in svc_rqst_free() When alloc_pages_node() returns null in svc_rqst_alloc(), the null. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-21749 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Click Disable All
NVD
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy