Skip to main content
CVE-2024-29515 HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28107 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-27299 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP PostgreSQL Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-1962 HIGH POC This Week

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Cm Download Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28434 HIGH POC This Week

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Twenty
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-28105 HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL File Upload Phpmyfaq
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-25002 HIGH This Week

Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29071 HIGH This Week

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28041 HIGH This Week

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-1973 HIGH This Week

By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-28850 HIGH PATCH This Week

WP Crontrol controls the cron events on WordPress websites. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

RCE WordPress PHP Wp Crontrol
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-24897 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-24892 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-30202 HIGH PATCH This Week

In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Emacs Org Mode
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-24890 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-2427 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2426 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2024-2425 HIGH This Week

A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Powerflex 527 Ac Drives Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2024-28387 HIGH This Week

An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Axonaut
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-25964 HIGH This Week

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-21505 HIGH PATCH This Week

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-2864 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.2.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Youzify
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-24899 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-30205 HIGH PATCH This Week

In Emacs before 29.3, Org mode considers contents of remote files to be trusted. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Emacs Org Mode Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy