Skip to main content
CVE-2024-2647 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2646 CRITICAL POC Act Now

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2644 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28595 CRITICAL POC Act Now

SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28303 CRITICAL POC Act Now

Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-2621 CRITICAL POC Act Now

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Kelixin Communication Command And Dispatch
NVD VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-2608 HIGH POC This Week

`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-29137 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic tourfic.11.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
5.1%
CVE-2024-2607 HIGH POC This Week

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-29138 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joachim Jensen Restrict User Access - Membership Plugin with Force restrict-user-access.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
3.8%
CVE-2024-28283 MEDIUM POC This Month

There is stack-based buffer overflow vulnerability in pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys RCE E1000 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-28447 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Lbt T300 Mini1 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28734 MEDIUM POC This Month

Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2024-2610 MEDIUM POC This Month

Using a markup injection an attacker could have stolen nonce values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mozilla Firefox Thunderbird
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-2609 MEDIUM POC This Month

The permission prompt input delay could expire while the window is not in focus. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-21504 MEDIUM POC PATCH This Month

Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Livewire
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29135 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.11.15. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-28389 CRITICAL Act Now

SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28394 CRITICAL Act Now

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-2615 CRITICAL Act Now

Memory safety bugs present in Firefox 123. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-2622 CRITICAL Act Now

A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Kelixin Communication Command And Dispatch
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-2620 CRITICAL Act Now

A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Kelixin Communication Command And Dispatch
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28446 MEDIUM POC This Month

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Lbt T300 Mini1 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-2611 MEDIUM POC This Month

A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-2648 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-2645 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-29027 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Node.js RCE Parse Server
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2024-2636 CRITICAL Act Now

An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-28715 HIGH This Week

Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Doracms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-21677 HIGH This Week

This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-1401 MEDIUM POC This Month

The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profile Box Shortcode And Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-2614 HIGH This Week

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-24042 HIGH PATCH This Week

Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-29136 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.11.17. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-24336 HIGH This Week

A multiple Cross-site scripting (XSS) vulnerability in the '/members/moremember.pl', and ‘/members/members-home.pl’ endpoints within Koha Library Management System version 23.05.05 and earlier allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-2612 HIGH This Week

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free RCE Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-2606 LOW POC Monitor

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-2169 HIGH This Week

Implementations of UDP application protocol are vulnerable to network loops. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-2442 HIGH This Week

Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2632 HIGH This Week

A Information Exposure Vulnerability has been found on Meta4 HR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-2613 HIGH PATCH This Week

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-26369 HIGH This Week

An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-2642 HIGH This Week

A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Rg Nbs2009G P Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
2.8%
CVE-2024-2635 HIGH This Week

The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-22017 HIGH This Week

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Node.js
NVD
CVSS 3.0
7.3
EPSS
0.9%
CVE-2024-28092 HIGH This Week

UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-29110 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database - Tablesome allows Reflected XSS.0.27. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-29123 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Link Library
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-29130 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 - PayPal & Stripe Add-on allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paypal Stripe Add On
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-29113 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.2.5.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Registrationmagic
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy