Skip to main content
CVE-2024-25869 HIGH POC THREAT This Week

An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Membership Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
18.7%
CVE-2024-25866 HIGH POC This Week

A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-22983 HIGH POC This Week

SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Visitor Management System
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-24148 HIGH POC This Week

A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-26342 HIGH POC This Week

A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service 4G Ac68U Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-27515 HIGH POC This Week

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Osclass
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-0786 HIGH PATCH This Week

The Conversios - Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Google SQLi WordPress Conversios Io
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-23910 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wrc 1167Gs2 B Firmware Wrc 1167Gs2H B Firmware Wrc 1167Gst2 Firmware Wrc 2533Gs2 B Firmware +7
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-24868 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.69. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sp Project Document Manager
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2020-36785 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-1847 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Solidworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25902 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner.7.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Malware Scanner
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-25859 HIGH This Week

A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. Rated high severity (CVSS 7.1). No vendor patch available.

RCE Path Traversal Blesta
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy