Skip to main content
CVE-2024-24578 CRITICAL POC Emergency

RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Java Raspberrymatic
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-28537 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-21662 CRITICAL POC PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Argo Cd
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-0858 HIGH POC This Week

The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Innovs Hr
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0780 HIGH POC This Week

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Enjoy Social Feed
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0779 HIGH POC This Week

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enjoy Social Feed
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2581 HIGH POC This Week

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-21661 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Kubernetes Denial Of Service Memory Corruption Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-20767 HIGH POC KEV THREAT This Week

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Coldfusion
NVD Exploit-DB
CVSS 3.1
7.4
EPSS
98.5%
CVE-2024-0365 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Fancy Product Designer
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27930 MEDIUM POC PATCH This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-28547 MEDIUM POC This Month

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-0973 MEDIUM POC This Month

The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Widget For Social Page Feeds
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-0711 MEDIUM POC This Month

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buttons Shortcode And Widget
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1331 MEDIUM POC This Month

The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Team Members
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27757 MEDIUM POC This Month

flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Flusity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2604 CRITICAL Act Now

A vulnerability was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload File Manager App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-21652 CRITICAL PATCH Act Now

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2051 CRITICAL Act Now

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27768 CRITICAL Act Now

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unilogic
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-27767 CRITICAL Act Now

CWE-287: Improper Authentication may allow Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unilogic
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28125 CRITICAL Act Now

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2577 CRITICAL Act Now

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2576 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2575 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2574 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-2573 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2572 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2571 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2570 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Task Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2569 CRITICAL Act Now

A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-27098 CRITICAL PATCH Act Now

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
9.6
EPSS
35.7%
CVE-2024-25654 MEDIUM POC This Month

Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Unified Management Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0820 MEDIUM POC This Month

The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobs For Wordpress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-0719 MEDIUM POC This Month

The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tabs Shortcode And Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1658 MEDIUM POC This Month

The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Grid Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1333 MEDIUM POC This Month

The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Pricing Table
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29151 CRITICAL Act Now

Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-22412 MEDIUM POC PATCH This Month

ClickHouse is an open-source column-oriented database management system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-28237 MEDIUM POC PATCH This Month

OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Octoprint
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0951 MEDIUM POC This Month

The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Social Feeds Widget Shortcode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2599 HIGH This Week

File upload restriction evasion vulnerability in AMSS++ version 4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Amss
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27773 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27772 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unilogic
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-27771 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27770 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-23: Relative Path Traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27769 HIGH This Week

Unitronics Unistream Unilogic - Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Unilogic
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22257 HIGH PATCH This Week

In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Java Authentication Bypass
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-27937 MEDIUM POC PATCH THREAT This Month

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
4.3
EPSS
26.9%
CVE-2024-28550 MEDIUM POC This Month

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy