Skip to main content
CVE-2024-23052 CRITICAL POC Act Now

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Wukongcrm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-25180 CRITICAL POC Act Now

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-25291 CRITICAL POC Act Now

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Deskfiler
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-25833 CRITICAL POC Act Now

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Datacube3
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-25830 CRITICAL POC THREAT Act Now

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Datacube3 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
24.0%
CVE-2024-23807 CRITICAL POC PATCH Act Now

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Information Disclosure Memory Corruption Xerces C
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-1927 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Based Student Clearance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-25292 CRITICAL POC Act Now

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rendertune
NVD GitHub
CVSS 3.1
9.6
EPSS
1.5%
CVE-2024-1981 CRITICAL POC PATCH Act Now

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Migration Backup Staging
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2024-23328 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java Dataease
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-27657 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-27656 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27655 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Stack Overflow RCE Denial Of Service +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-25832 HIGH POC THREAT This Week

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Datacube3
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
12.8%
CVE-2024-22939 HIGH POC This Week

Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-1939 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-1938 HIGH POC This Week

Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-25713 HIGH POC This Week

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Yyjson Fedora
NVD GitHub
CVSS 3.1
8.6
EPSS
1.8%
CVE-2024-26470 HIGH POC This Week

A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Net 9 Starter Kit
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-26461 HIGH POC This Week

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-26141 HIGH POC PATCH This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-25126 HIGH POC PATCH THREAT This Week

Rack is a modular Ruby web server interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rack Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
35.4%
CVE-2024-1928 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Based Student Clearance System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-0590 MEDIUM PATCH This Month

The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.8%.

Microsoft WordPress CSRF Clarity
NVD
CVSS 3.1
6.1
EPSS
24.8%
CVE-2024-1982 MEDIUM POC PATCH This Month

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass SQLi WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27662 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27661 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27660 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27659 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27658 MEDIUM POC This Month

D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Denial Of Service Dir 823G Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24155 MEDIUM POC This Month

Bento4 v1.5.1-628 contains a Memory leak on AP4_Movie::AP4_Movie, parsing tracks and added into m_Tracks list, but mp42aac cannot correctly delete when we got an no audio track found error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24150 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24149 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-24147 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-24146 MEDIUM POC This Month

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-21726 MEDIUM POC THREAT This Month

Inadequate content filtering leads to XSS vulnerabilities in various components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.5
EPSS
48.8%
CVE-2024-25712 MEDIUM POC PATCH This Month

http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http Swagger
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-22936 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Parents Student Portal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-1970 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Learning System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-26548 CRITICAL Act Now

An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-0864 CRITICAL Act Now

Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Laragon
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-24525 CRITICAL Act Now

An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Epointwebbuilder
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-27516 CRITICAL PATCH Act Now

Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE PHP Command Injection Live Helper Chat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-1971 CRITICAL Act Now

A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Shopping System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1468 HIGH This Week

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Avada
NVD VulDB
CVSS 3.1
8.8
EPSS
3.6%
CVE-2024-26462 MEDIUM POC This Month

Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kerberos 5 Active Iq Unified Manager Cloud Volumes Ontap Mediator Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1192 MEDIUM POC This Month

A vulnerability was found in South River WebDrive 18.00.5057. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webdrive
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-1191 MEDIUM POC This Month

A vulnerability was found in Hyper CdCatalog 2.3.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cdcat
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27517 MEDIUM POC This Month

Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing malicious code after gaining blog permissions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webasyst
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-27092 MEDIUM POC PATCH This Month

Hoppscotch is an API development ecosystem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Hoppscotch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy