Skip to main content
CVE-2024-28861 CRITICAL POC PATCH Act Now

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP Symfony1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2815 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2814 CRITICAL POC Act Now

A vulnerability was found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2813 CRITICAL POC Act Now

A vulnerability was found in Tenda AC15 15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2811 CRITICAL POC Act Now

A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2810 CRITICAL POC Act Now

A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-2809 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-2808 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-2807 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-2806 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-29275 CRITICAL POC Act Now

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2024-28441 CRITICAL POC Act Now

File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Magicflue
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-29385 CRITICAL POC Act Now

DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 845L Firmware
NVD GitHub
CVSS 3.1
9.0
EPSS
1.6%
CVE-2024-29185 CRITICAL POC Act Now

FreeScout is a self-hosted help desk and shared mailbox. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Command Injection Freescout
NVD GitHub
CVSS 3.1
9.0
EPSS
1.7%
CVE-2024-2828 HIGH POC This Week

A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2827 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2826 HIGH POC This Week

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2825 HIGH POC This Week

A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Easyadmin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-29366 HIGH POC This Week

A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28559 HIGH POC This Week

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2812 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-2805 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-25808 HIGH POC This Week

Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Lychee
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-29184 HIGH POC This Week

FreeScout is a self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Freescout
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-29190 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29499 HIGH POC This Week

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Anchor Cms
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-2817 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2816 MEDIUM POC This Month

A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CSRF Ac15 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-29272 MEDIUM POC PATCH This Month

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Vvvebjs
NVD GitHub
CVSS 3.1
6.5
EPSS
9.4%
CVE-2024-2776 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2824 MEDIUM POC This Month

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical.c. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-25168 MEDIUM POC This Month

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Snow
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-29273 MEDIUM POC This Month

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dzzoffice
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-29271 MEDIUM POC PATCH This Month

Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP XSS Vvvebjs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-25807 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Lychee
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2780 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2778 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-29943 CRITICAL Act Now

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
22.9%
CVE-2024-28560 MEDIUM POC This Month

SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP B2B2C Multi Business
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-26557 MEDIUM POC This Month

Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Codiad
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2779 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Marriage Registration System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Marriage Registration System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-29186 MEDIUM POC PATCH This Month

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Denial Of Service Bref
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-29042 MEDIUM POC PATCH This Month

Translate is a package that allows users to convert text to different languages on Node.js and the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Translate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-2777 MEDIUM POC This Month

A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-2228 HIGH This Week

This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2448 HIGH This Week

An OS command injection vulnerability has been identified in LoadMaster. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Loadmaster
NVD
CVSS 3.1
8.8
EPSS
55.4%
CVE-2024-2823 MEDIUM POC This Month

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2822 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2821 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-2820 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy