Skip to main content
CVE-2024-30228 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2023-6437 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection TP-Link
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29241 CRITICAL Act Now

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-3039 CRITICAL Act Now

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Shanghai Brad Technology Bladex
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28015 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28014 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28012 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28011 CRITICAL Act Now

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28010 CRITICAL Act Now

Use of Hard-coded Password in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28009 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-28008 CRITICAL Act Now

Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wg1900Hp2 Firmware Aterm Wg1200Hp3 Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28007 CRITICAL Act Now

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aterm Wg1800Hp4 Firmware Aterm Wg1200Hs3 Firmware Aterm Wr8750N Firmware Aterm Wr8160N Firmware +55
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29489 MEDIUM POC PATCH This Month

Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-28456 MEDIUM POC This Month

Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Online Marriage Registration System
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-24407 MEDIUM POC This Month

SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Courier Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-30223 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Armember
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2024-30241 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Profilegrid
NVD
CVSS 3.1
8.5
EPSS
3.5%
CVE-2024-2890 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-29100 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-0677 MEDIUM POC This Month

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Pz Linkcard
NVD WPScan
CVSS 3.1
5.1
EPSS
0.3%
CVE-2024-30227 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.6.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2024-1770 HIGH This Week

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3019 HIGH This Week

A flaw was found in PCP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Redis Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-25955 HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-25946 HIGH This Week

Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Powermax Eem Solutions Enabler Virtual Appliance Unisphere For Powermax Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-30222 HIGH This Week

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Armember
NVD
CVSS 3.1
8.5
EPSS
1.1%
CVE-2024-30236 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.3.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-30243 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.4.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30244 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.0.27. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30240 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.5.7. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-39309 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.11.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fusion Builder
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-30242 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API.1.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-30239 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns.0.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-23727 HIGH This Week

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-30588 MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1202 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30230 HIGH This Week

Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.3.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Pdf Invoices And Packing Slips For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-23649 HIGH This Week

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-30229 HIGH This Week

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.4.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-31139 HIGH This Week

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-28109 HIGH PATCH This Week

veraPDF-library is a PDF/A validation library. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-23500 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in StellarWP Gutenberg Blocks by Kadence Blocks kadence-blocks.2.19. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD VulDB
CVSS 3.1
7.7
EPSS
0.7%
CVE-2024-25960 HIGH This Week

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.x contains a cleartext transmission of sensitive information vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39313 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Avada
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-29229 HIGH This Week

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2024-29228 HIGH This Week

Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Synology Surveillance Station
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2024-30237 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.8.10. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-25924 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.4.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-30245 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.9.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-25963 HIGH This Week

Dell PowerScale OneFS, versions 8.2.2.x through 9.5.0.x contains a use of a broken cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-25954 HIGH This Week

Dell PowerScale OneFS, versions 9.5.0.x through 9.7.0.x, contain an insufficient session expiration vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy