Skip to main content
CVE-2024-28421 CRITICAL POC Act Now

SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Razor
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2863 CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
64.0%
CVE-2024-2862 CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
51.0%
CVE-2024-29515 HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28107 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-27299 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1962 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28434 HIGH POC This Week

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Twenty
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-28105 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL File Upload Phpmyfaq
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-1231 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-28108 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25175 MEDIUM POC This Month

An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kickdler
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-28386 CRITICAL Act Now

An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Fastmag Sync
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2865 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-29666 CRITICAL Act Now

Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29650 CRITICAL PATCH Act Now

An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-28393 CRITICAL PATCH Act Now

SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Scalapay
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28106 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-27300 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-28435 MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29025 MEDIUM POC PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Netty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-30187 MEDIUM POC PATCH This Month

Anope before 2.0.15 does not prevent resetting the password of a suspended account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Anope
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-2873 CRITICAL Act Now

A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wolfssh
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-29179 MEDIUM POC PATCH This Month

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-25002 HIGH This Week

Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1232 MEDIUM POC This Month

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-29071 HIGH This Week

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28041 HIGH This Week

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1973 HIGH This Week

By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-1564 MEDIUM POC This Month

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Schema
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-28850 HIGH PATCH This Week

WP Crontrol controls the cron events on WordPress websites. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

RCE WordPress PHP Wp Crontrol
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-24897 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-24892 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-30202 HIGH PATCH This Week

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Emacs Org Mode
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-24890 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-2427 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2426 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2024-2425 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2024-28387 HIGH This Week

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Axonaut
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-25964 HIGH This Week

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21505 HIGH PATCH This Week

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2864 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.2.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youzify
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-24899 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-30205 HIGH PATCH This Week

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-38057 MEDIUM This Month

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Th Advance Product Search
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-27608 MEDIUM This Month

Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Points And Rewards For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-28244 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Katex
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2024-28243 MEDIUM PATCH This Month

KaTeX is a JavaScript library for TeX math rendering on the web. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Katex
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-21865 MEDIUM This Month

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-44626 MEDIUM This Month

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.1.20. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Seo Plugin By Squirrly Seo
NVD
CVSS 3.1
6.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy