Skip to main content
CVE-2024-27747 CRITICAL POC THREAT Act Now

File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
23.6%
CVE-2024-27746 CRITICAL POC THREAT Act Now

SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
12.9%
CVE-2024-2077 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2057 CRITICAL POC PATCH Act Now

A vulnerability was found in LangChain langchain_community 0.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Langchain
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22891 CRITICAL POC Act Now

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Open Redirect Nteract
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-2022 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
8.5%
CVE-2024-2021 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25293 CRITICAL POC Act Now

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mjml App
NVD GitHub
CVSS 3.1
9.3
EPSS
1.0%
CVE-2024-2073 HIGH POC This Week

A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Block Inserter For Dynamic Content
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27689 HIGH POC This Week

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-27497 HIGH POC THREAT This Week

Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Linksys E2000 Firmware
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2024-0692 HIGH POC THREAT This Week

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Security Event Manager
NVD
CVSS 3.1
8.8
EPSS
91.6%
CVE-2024-27295 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-27572 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27571 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27570 HIGH POC This Week

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27499 MEDIUM POC PATCH This Month

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Bagisto
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27569 MEDIUM POC This Month

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27568 MEDIUM POC This Month

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-27567 MEDIUM POC This Month

LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Lbt T300 T390 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-0403 MEDIUM POC This Month

Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Recipes
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-27559 MEDIUM POC This Month

Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-25438 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25436 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24512 MEDIUM POC This Month

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24511 MEDIUM POC This Month

Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Open Journal Systems
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27744 MEDIUM POC This Month

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-27743 MEDIUM POC This Month

Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Petrol Pump Management
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2024-27734 MEDIUM POC This Month

A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27558 MEDIUM POC This Month

Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2070 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faq Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-27298 CRITICAL PATCH Act Now

parse-server is a Parse Server for Node.js / Express. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Node.js Parse Server
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-2067 CRITICAL Act Now

A vulnerability was found in SourceCodester Computer Inventory System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Computer Inventory System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-2045 MEDIUM POC This Month

Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Session
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-25434 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Journal Systems
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-21767 CRITICAL Act Now

A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-2075 MEDIUM POC This Month

A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Daily Habit Tracker
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2072 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Flashcard Quiz App
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2071 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Faq Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1624 CRITICAL Act Now

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.4
EPSS
2.1%
CVE-2024-2069 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Faq Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-27101 CRITICAL PATCH Act Now

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Google Spicedb
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-25091 CRITICAL Act Now

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-1859 HIGH PATCH This Week

The Slider Responsive Slideshow - Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure WordPress Slider Responsive Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22457 HIGH PATCH This Week

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-25386 HIGH This Week

Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-22182 HIGH This Week

A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-2064 MEDIUM POC This Month

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Selectcours
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-25972 HIGH This Week

Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.3
EPSS
0.3%
CVE-2024-1174 HIGH This Week

Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow HP
NVD
CVSS 3.1
8.2
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy