Skip to main content
CVE-2024-27956 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.92.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.8%.

SQLi Automatic
NVD
CVSS 3.1
9.9
EPSS
93.8%
Threat
6.3
CVE-2024-2054 CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Artica Proxy
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.3%
CVE-2024-29243 CRITICAL POC Act Now

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 Mini1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29864 CRITICAL POC PATCH Act Now

Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Distrobox
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-2014 CRITICAL POC Act Now

A vulnerability classified as critical was found in Panabit Panalog 202103080942. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Panalog
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-25239 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28119 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28118 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28117 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-28116 HIGH POC PATCH This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
5.8%
CVE-2024-27921 HIGH POC PATCH THREAT This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure File Upload Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
60.6%
CVE-2024-2764 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2763 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10U Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-2754 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complete E Commerce Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2016 HIGH POC This Week

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Zhicms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-2015 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in ZhiCms 4.0.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zhicms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27934 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Deno
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27933 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass RCE Deno
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-27923 HIGH POC PATCH This Week

Grav is a content management system (CMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-27935 HIGH POC PATCH This Week

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Deno
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-24520 HIGH POC This Week

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Leptoncms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-28521 HIGH POC This Week

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Application Security Gateway Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-29031 HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-29180 HIGH POC PATCH This Week

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Webpack Dev Middleware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-2053 HIGH POC THREAT This Week

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Artica Proxy
NVD
CVSS 3.1
7.5
EPSS
44.6%
CVE-2024-28286 HIGH POC This Week

In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libiec61850
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27292 HIGH POC PATCH THREAT This Week

Docassemble is an expert system for guided interviews and document assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docassemble
NVD GitHub
CVSS 3.1
7.5
EPSS
69.5%
CVE-2024-24272 HIGH POC This Week

An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Dualsafe Password Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-28102 MEDIUM POC PATCH This Month

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service Jwcrypto Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-22724 MEDIUM POC This Month

An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Oscommerce
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-2774 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2770 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-28863 MEDIUM POC PATCH This Month

node-tar is a Tar for Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Tar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-2768 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2767 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2766 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2713 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2712 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Online Dj Booking System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-27936 MEDIUM POC PATCH This Month

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Deno Deno Runtime
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-27927 MEDIUM POC PATCH This Month

RSSHub is an open source RSS feed generator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Rsshub
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-25811 MEDIUM POC This Month

An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dreamer Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-24110 MEDIUM POC This Month

SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2775 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2773 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29374 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moodle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-28635 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Survey Creator
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25167 MEDIUM POC This Month

Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Eblog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-29859 CRITICAL PATCH Act Now

In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28756 MEDIUM POC This Month

The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Mysolaredge
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-24818 MEDIUM POC PATCH This Month

EspoCRM is an Open Source Customer Relationship Management software. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. Public exploit code available.

Code Injection Espocrm
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy