Skip to main content
CVE-2024-27972 CRITICAL Emergency

Authenticated code injection in the WP Fusion Lite WordPress plugin (versions up to and including 3.41.24) allows low-privileged users to execute arbitrary PHP code on the underlying server. With a CVSS of 9.9 and changed scope, successful exploitation fully compromises the WordPress site and potentially adjacent components; EPSS places this in the top 2% (98th percentile) of vulnerabilities most likely to be exploited, though no public exploit is identified at time of analysis.

Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
49.0%
CVE-2024-30568 CRITICAL POC THREAT Act Now

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2024-3252 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Internship Portal Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-30998 CRITICAL POC Act Now

SQL Injection vulnerability in PHPGurukul Men Salon Management System v.2.0, allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Men Salon Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31011 CRITICAL POC Act Now

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Beescms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31012 CRITICAL POC Act Now

An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-24724 CRITICAL POC THREAT Act Now

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Ssti Gibbon
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
26.1%
CVE-2024-3251 HIGH POC This Week

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3224 HIGH POC This Week

A vulnerability has been found in SourceCodester PHP Task Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3223 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester PHP Task Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3222 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester PHP Task Management System 1.0.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3221 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester PHP Task Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-30572 HIGH POC This Week

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-27705 HIGH POC This Week

Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Leantime
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-30571 HIGH POC THREAT This Week

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2024-30569 HIGH POC This Week

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-31010 HIGH POC This Week

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-2879 HIGH POC THREAT This Week

The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress LayerSlider
NVD
CVSS 3.1
7.5
EPSS
18.4%
CVE-2024-3226 HIGH POC This Week

A vulnerability was found in Campcodes Online Patient Record Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-3259 HIGH POC This Week

A vulnerability was found in SourceCodester Internship Portal Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-3258 HIGH POC This Week

A vulnerability was found in SourceCodester Internship Portal Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3257 HIGH POC This Week

A vulnerability was found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3256 HIGH POC This Week

A vulnerability has been found in SourceCodester Internship Portal Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3255 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Internship Portal Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-3254 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Internship Portal Management System 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3253 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Internship Portal Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internship Portal Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3227 HIGH POC This Week

A vulnerability was found in Panwei eoffice OA up to 9.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal E Office
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-2322 MEDIUM POC This Month

The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Cart Abandonment Recovery
NVD WPScan
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-3270 MEDIUM POC This Month

A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Thingsboard
NVD VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-31008 MEDIUM POC This Month

An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Wuzhicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31009 MEDIUM POC This Month

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-3225 MEDIUM POC This Month

A vulnerability was found in SourceCodester PHP Task Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Php Task Management System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-25096 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Canto
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2024-24506 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Limesurvey
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-31013 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3, allow remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in footer_info parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-26495 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Friendica
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-25918 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-24707 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-31390 CRITICAL Act Now

: Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.7.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2024-31380 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-28515 CRITICAL Act Now

Buffer Overflow vulnerability in CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx allows a remote attacker to execute arbitrary code via the lab3 of csapp,lab3/buflab-update.pl component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-25699 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.5.15. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Videowhisper Live Streaming Integration
NVD
CVSS 3.1
9.0
EPSS
1.7%
CVE-2024-30570 MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-27951 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin - MPG allows Upload a Web Shell to a Web Server.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple Page Generator
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-30166 CRITICAL Act Now

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Information Disclosure Mbed Tls
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-25864 CRITICAL Act Now

Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE PHP
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-29477 HIGH This Week

Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Dolibarr Erp Crm
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27201 MEDIUM POC This Month

An improper input validation vulnerability exists in the OAS Engine User Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-24976 MEDIUM POC This Month

A denial of service vulnerability exists in the OAS Engine File Data Source Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-22178 MEDIUM POC This Month

A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open Automation Software OAS Platform V19.00.0057. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Automation Software
NVD
CVSS 3.1
4.9
EPSS
0.7%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy