Skip to main content
CVE-2024-2939 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Online Examination System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Examination System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6173 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeoSOFT Software TeoBASE allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-6153 CRITICAL Act Now

Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-28815 CRITICAL Act Now

A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-25393 CRITICAL Act Now

A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Rt Thread
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-34020 MEDIUM POC This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.6.4.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Uncanny Toolkit For Learndash
NVD
CVSS 3.1
4.7
EPSS
4.7%
CVE-2024-2998 MEDIUM POC This Month

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Store Inventory Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2997 MEDIUM POC This Month

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Store Inventory Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
1.2%
CVE-2024-28085 LOW POC PATCH THREAT Monitor

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Information Disclosure Util Linux Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
10.2%
CVE-2024-2935 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Todo List in Kanban Board 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Todo List In Kanban Board
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-28335 CRITICAL PATCH Act Now

Lektor before 3.3.11 does not sanitize DB path traversal. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-2996 MEDIUM POC This Month

A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multi Store Inventory Management System
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-25395 HIGH This Week

A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-24842 HIGH This Week

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.30.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-29891 HIGH PATCH This Week

ZITADEL users can upload their own avatar image and various image types are allowed. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Mozilla File Upload Zitadel
NVD GitHub
CVSS 3.1
8.7
EPSS
0.8%
CVE-2024-20271 HIGH This Week

A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ios Xe Business Access Points Wireless Lan Controller Software
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-20259 HIGH This Week

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-30238 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.3.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-25391 HIGH This Week

A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-25390 HIGH This Week

A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-25388 HIGH This Week

drivers/wlan/wlan_mgmt,c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-24335 HIGH This Week

A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-24334 HIGH This Week

A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-1531 HIGH This Week

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-29946 HIGH This Week

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Splunk
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-0077 HIGH This Week

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Information Disclosure Denial Of Service Nvidia
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0073 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Information Disclosure Denial Of Service Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-0071 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft RCE Information Disclosure Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20308 HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cisco Denial Of Service Apple +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20307 HIGH This Week

A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Stack Overflow Apple iOS +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23450 HIGH PATCH This Week

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-20314 HIGH This Week

A vulnerability in the IPv4 Software-Defined Access (SD-Access) fabric edge node feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-20311 HIGH This Week

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2097 HIGH This Week

An authenticated malicious client can send a special LINQ query to execute arbitrary code remotely (RCE) on the SCM server from List control, and execute the arbitrary code on the same system where. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-25389 HIGH This Week

RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rt Thread
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-0400 HIGH This Week

SCM Software is a client and server application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-29887 HIGH PATCH This Week

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Serverpod
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20354 HIGH This Week

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Software Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20312 HIGH This Week

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Apple Denial Of Service iOS +1
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20303 HIGH This Week

A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-20276 HIGH This Week

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service iOS
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-29945 HIGH This Week

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Splunk
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-22149 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-30201 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Smart Import
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-29915 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.0.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Podlove Podcast Publisher
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-29919 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by Ays allows Reflected XSS.5.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-30199 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.6.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-29928 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Sermons
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-29774 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpDirectoryKit WP Directory Kit allows Reflected XSS.2.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Directory Kit
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-29918 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Reflected XSS.0.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Survey Maker
NVD
CVSS 3.1
7.1
EPSS
0.3%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy