Skip to main content
CVE-2023-48777 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.3.0 through 3.18.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.8%.

File Upload Website Builder Elementor
NVD
CVSS 3.1
9.9
EPSS
90.8%
Threat
6.2
CVE-2023-28787 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Quiz And Survey Master.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.1%.

SQLi
NVD
CVSS 3.1
9.3
EPSS
32.1%
Threat
4.3
CVE-2023-47873 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.0.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

File Upload Wp Child Theme Generator
NVD
CVSS 3.1
9.1
EPSS
13.0%
CVE-2024-2927 CRITICAL POC Act Now

A vulnerability was found in code-projects Mobile Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mobile Shop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2917 CRITICAL POC Act Now

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure House Rental Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28545 CRITICAL POC Act Now

Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-25421 CRITICAL POC PATCH Act Now

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openfire
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-29401 CRITICAL POC Act Now

xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xzs Mysql
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-29684 CRITICAL POC Act Now

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP CSRF Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29303 CRITICAL POC Act Now

The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38388 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.

File Upload Jupiter X Core
NVD
CVSS 3.1
9.0
EPSS
22.9%
CVE-2024-2903 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2885 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-2883 HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2024-2902 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2901 HIGH POC This Week

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2900 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2899 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2898 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2897 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-2896 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-2895 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2894 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-2893 HIGH POC This Week

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2892 HIGH POC This Week

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-2891 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac7 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-51148 HIGH POC This Week

An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the 'mycli' command-line interface component. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Stack Overflow Tew 821Dap Firmware
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-2212 HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-29189 HIGH POC PATCH This Week

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Command Injection Pyansys Geometry
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2886 HIGH POC This Week

Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-28551 HIGH POC This Week

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac18 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28442 HIGH POC This Week

Directory Traversal vulnerability in Yealink VP59 v.91.15.0.118 allows a physically proximate attacker to obtain sensitive information via terms of use function in the company portal component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Vp59 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23722 HIGH POC PATCH This Week

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Fluent Bit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29302 HIGH POC This Week

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-29301 HIGH POC This Week

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-25420 HIGH POC PATCH This Week

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Openfire
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-2916 MEDIUM POC This Month

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-1313 MEDIUM POC PATCH This Month

It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Grafana
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-29197 MEDIUM POC PATCH This Month

Pimcore is an Open Source Data & Experience Management Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-29644 MEDIUM POC This Month

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Dcat Admin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-29832 MEDIUM POC This Month

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23656 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-1455 MEDIUM POC PATCH This Month

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XXE Denial Of Service Langchain
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2024-2921 CRITICAL Act Now

Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and earlier allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Devolutions Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-2452 CRITICAL PATCH Act Now

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Threadx Netx Duo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-28048 CRITICAL Act Now

OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-29833 MEDIUM POC This Month

The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression;. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29810 MEDIUM POC This Month

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29809 MEDIUM POC This Month

The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29808 MEDIUM POC This Month

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Photo Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy