Skip to main content
CVE-2024-28639 CRITICAL POC Act Now

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-2527 HIGH POC This Week

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2526 MEDIUM POC This Month

A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24156 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5, allows remote attackers execute arbitrary code via the wr_content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2522 CRITICAL Act Now

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-2520 CRITICAL Act Now

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-2517 CRITICAL Act Now

A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22513 MEDIUM POC PATCH This Month

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2024-1685 HIGH This Week

The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Social Media Share Buttons
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-51474 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelemu TerraClassifieds.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-2532 HIGH This Week

A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2531 HIGH This Week

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-2529 HIGH This Week

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2528 HIGH This Week

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2524 HIGH This Week

A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-2516 HIGH This Week

A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-22259 HIGH PATCH This Week

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Java Open Redirect Spring Framework Active Iq Unified Manager
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2024-28640 HIGH This Week

Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service X5000r Firmware A7000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
14.2%
CVE-2024-28069 HIGH This Week

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micontact Center Business
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-27195 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in sverde1 Watermark RELOADED watermark-reloaded allows Cross Site Request Forgery.3.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27197 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS.9.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-27194 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS.1.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS CSRF Fontific
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-28070 MEDIUM This Month

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS Micontact Center Business
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-23523 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro.19.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2042 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elements Kit Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-1239 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elements Kit Elementor Addons Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2308 MEDIUM PATCH This Month

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementinvader Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2533 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD VulDB GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2530 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2525 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2523 MEDIUM This Month

A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2521 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2519 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2518 MEDIUM This Month

A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2515 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online College Event Hall Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6525 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementskit Elementor Addons Elementor
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51487 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft ARI Stream Quiz.2.32. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ari Stream Quiz
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51486 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in EDGARROJAS WooCommerce PDF Invoice Builder woo-pdf-invoice-builder allows Cross Site Request Forgery.2.101. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51489 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Crowdsignal Dashboard
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51521 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master.1.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-51491 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Depicter
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-1733 MEDIUM This Month

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Word Replacer Pro
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1857 MEDIUM This Month

The Ultimate Gift Cards for WooCommerce - Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-24845 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor.4.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-28862 MEDIUM PATCH This Month

The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Rotp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-2294 MEDIUM This Month

The Backuply - Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft WordPress Path Traversal
NVD VulDB
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-51512 MEDIUM This Month

Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Product Table
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51510 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Atlas Gondal Export Media URLs.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Export All Urls
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51407 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Rocket Elements Split Test For Elementor.6.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Split Test For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy