Skip to main content
CVE-2024-2317 CRITICAL POC Act Now

A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Hospital Automanager
NVD VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-27612 MEDIUM POC THREAT This Month

Numbas editor before 7.3 mishandles editing of themes and extensions. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Editor
NVD GitHub Exploit-DB
CVSS 3.1
6.2
EPSS
10.7%
CVE-2024-2276 MEDIUM POC This Month

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS G Prescription Gynaecology Obs Consultation
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2275 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS G Prescription Gynaecology Obs Consultation
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2274 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS G Prescription Gynaecology Obs Consultation
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21899 CRITICAL POC THREAT Act Now

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
9.8
EPSS
24.4%
CVE-2024-2283 CRITICAL Act Now

A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Automated Mess Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2282 CRITICAL Act Now

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Automated Mess Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2281 CRITICAL Act Now

A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Automated Mess Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25849 CRITICAL PATCH Act Now

In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Make An Offer Offer Your Price
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25845 CRITICAL PATCH Act Now

In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cd Custom Fields 4 Orders
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2272 CRITICAL Act Now

A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2271 CRITICAL Act Now

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online Bookstore Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-23226 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipad Os +5
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-2339 HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation PostgreSQL Anonymizer
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-25729 HIGH This Week

Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23246 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +3
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-23278 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-0258 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Authentication Bypass Ipad Os Iphone Os +3
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2024-2316 MEDIUM POC This Month

A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Hospital Automanager
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2277 MEDIUM POC This Month

A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF G Prescription Gynaecology Obs Consultation
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-23286 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-23294 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23265 HIGH This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Memory Corruption Buffer Overflow Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23247 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Command Injection macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23258 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Information Disclosure macOS +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23276 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-23270 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipad Os +3
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-23288 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-23274 HIGH This Week

An injection issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-23268 HIGH This Week

An injection issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-23233 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-23244 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-2338 HIGH PATCH This Week

PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Privilege Escalation SQLi PostgreSQL Anonymizer
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-26309 HIGH This Week

Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27613 HIGH This Week

Numbas editor before 7.3 mishandles reading of themes and extensions. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Editor
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-23248 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-23249 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-23216 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple macOS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-23234 MEDIUM This Month

An out-of-bounds write issue was addressed with improved input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Buffer Overflow macOS
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-23284 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-23263 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-23280 MEDIUM This Month

An injection issue was addressed with improved validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Code Injection Safari Ipad Os Iphone Os +6
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23254 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipad Os Iphone Os +7
NVD VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23259 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-21900 MEDIUM This Month

An injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
6.5
EPSS
9.4%
CVE-2024-1987 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Members
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-1851 MEDIUM PATCH This Month

The affiliate-toolkit - WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Affiliate Toolkit
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2024-2319 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Markdownx
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2285 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Automated Mess Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy