Skip to main content
CVE-2024-30491 HIGH Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.2% and no vendor patch available.

SQLi Profilegrid
NVD
CVSS 3.1
8.5
EPSS
55.2%
CVE-2024-30502 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel Engine.7.9. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

SQLi Wp Travel Engine
NVD
CVSS 3.1
9.3
EPSS
18.4%
CVE-2024-30498 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

SQLi Crm Perks Forms
NVD
CVSS 3.1
9.3
EPSS
16.9%
CVE-2024-30490 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

SQLi Profilegrid
NVD
CVSS 3.1
9.3
EPSS
14.4%
CVE-2024-29202 CRITICAL POC Act Now

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jumpserver
NVD GitHub
CVSS 3.1
9.9
EPSS
5.9%
CVE-2024-29201 CRITICAL POC Act Now

JumpServer is an open source bastion host and an operation and maintenance security audit system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jumpserver
NVD GitHub
CVSS 3.1
9.9
EPSS
5.9%
CVE-2024-30635 CRITICAL POC Act Now

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda F1202 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30630 CRITICAL POC Act Now

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Fh1205 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30628 CRITICAL POC Act Now

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30622 CRITICAL POC Act Now

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30637 HIGH POC This Week

Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection F1202 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-30627 HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30624 HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-30634 HIGH POC This Week

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-30626 HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-30625 HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-28867 HIGH POC PATCH This Week

Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Swift Prometheus
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-29686 HIGH POC This Week

Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Winter
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-28405 HIGH POC This Week

SEMCMS 4.8 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Semcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-30639 MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-30636 MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-30633 MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-30632 MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-30623 MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3077 MEDIUM POC This Month

An malicious BLE device can crash BLE victim device by sending malformed gatt packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-2411 CRITICAL PATCH Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-30510 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Salon Booking System
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-29640 CRITICAL Act Now

An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-30500 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.1.12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cubewp
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-1729 MEDIUM POC PATCH This Month

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Gradio
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2024-2409 CRITICAL PATCH Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Masterstudy Lms
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-6191 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webpdks
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-29667 CRITICAL Act Now

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31032 CRITICAL Act Now

An issue in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport v.1.1.2 allows a remote attacker to execute arbitrary code via the manager/ipping.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-30247 CRITICAL Act Now

NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nextcloudpi
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-23539 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-23538 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Apache Fineract
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-3078 CRITICAL PATCH Act Now

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical.rs of the component Full Snapshot REST API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Qdrant
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-30629 MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-1872 HIGH This Week

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-29890 HIGH This Week

DataLens is a business intelligence and data visualization system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23537 HIGH This Week

Improper Privilege Management vulnerability in Apache Fineract.8.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Fineract
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-30486 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Library Folders.1.7. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Media Library Folders
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-30499 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.1.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Crm Perks Forms
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30497 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.1.17. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Responsive Tabs
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30496 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.5.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Element Pack
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30488 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.3.7. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-30638 MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1202 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-30631 MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-29901 HIGH PATCH This Week

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Authkit Nextjs
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy