Skip to main content
CVE-2024-2351 CRITICAL POC Act Now

A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecommerce Website
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2330 CRITICAL POC THREAT Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
17.6%
CVE-2024-2329 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28754 HIGH POC PATCH This Week

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Raspap
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-2333 HIGH POC This Week

A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Membership Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-2332 HIGH POC This Week

A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Mobile Store Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-28122 MEDIUM POC PATCH This Month

JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwx
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-28753 MEDIUM POC This Month

RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Raspap
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-2331 CRITICAL Act Now

A vulnerability was found in SourceCodester Tourist Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tourist Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28089 MEDIUM POC This Month

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Information Disclosure Denial Of Service
NVD GitHub
CVSS 3.1
5.2
EPSS
0.7%
CVE-2024-25501 HIGH This Week

An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Winmail
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-25951 HIGH This Week

A command injection vulnerability exists in local RACADM. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Idrac8
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-28184 HIGH PATCH This Week

WeasyPrint helps web developers to create PDF documents. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Weasyprint Fedora
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-1320 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Eventprime
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-1123 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Eventprime
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-1767 MEDIUM PATCH This Month

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blocksy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-28176 MEDIUM PATCH This Month

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Jose Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2024-1125 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventprime
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-1870 MEDIUM PATCH This Month

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Colibri Page Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1124 MEDIUM PATCH This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Eventprime
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy