Skip to main content
CVE-2024-2718 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2717 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29473 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29470 MEDIUM POC This Month

{{rootpath}}/links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29469 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-2716 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2715 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2686 MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2685 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2684 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2683 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2682 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2681 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2680 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2679 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Job Finder System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Job Finder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0337 MEDIUM POC This Month

The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Travelpayouts
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-23634 MEDIUM POC PATCH This Month

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Denial Of Service Geoserver
NVD GitHub
CVSS 3.1
6.0
EPSS
0.7%
CVE-2024-1711 CRITICAL Act Now

The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28563 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-28179 CRITICAL PATCH Act Now

Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass RCE Jupyter Server Proxy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28395 CRITICAL Act Now

SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Bestkit Popup
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28392 CRITICAL Act Now

SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Abandoned Cart Reminder Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-1811 CRITICAL Act Now

A potential vulnerability has been identified in OpenText ArcSight Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-22081 CRITICAL Act Now

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Request Smuggling G5Dfr Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-22080 CRITICAL Act Now

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow G5Dfr Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1205 HIGH This Week

The Management App for WooCommerce - Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wemanage
NVD VulDB
CVSS 3.1
8.8
EPSS
4.7%
CVE-2024-28577 MEDIUM POC This Month

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28576 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28571 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28570 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28565 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-2538 MEDIUM POC PATCH This Month

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Permalink Manager Lite
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-29474 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29472 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29471 MEDIUM POC This Month

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oneblog
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29419 MEDIUM POC This Month

There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-25294 CRITICAL Act Now

An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Rebuild
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-29037 CRITICAL Act Now

datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Datahub Helm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-29033 CRITICAL PATCH GHSA Act Now

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Oauthenticator
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1799 HIGH PATCH This Week

The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Gamipress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-2627 HIGH This Week

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1856 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-22078 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation G5Dfr Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-24050 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Workout Journal App
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-2702 HIGH This Week

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Authentication Bypass Olive One Click Demo Import
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-2721 HIGH This Week

Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.1.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Social Media Share Buttons
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-1801 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-23721 HIGH This Week

A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Vigor3910 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-28396 HIGH This Week

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Orders Csv Excel Export Pro
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-22084 HIGH This Week

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure G5Dfr Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy