Skip to main content
CVE-2024-28741 HIGH POC THREAT Act Now

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
78.2%
CVE-2024-3413 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Human Resource Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3376 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-3366 CRITICAL POC Act Now

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Xxl Job
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3363 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3360 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3359 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3369 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3362 HIGH POC This Week

A vulnerability was found in SourceCodester Online Library System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3361 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27620 HIGH POC This Week

An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-3378 MEDIUM POC THREAT This Month

A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Secure Web Gateway
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
22.0%
CVE-2024-3377 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Computer Laboratory Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3358 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aplaya Beach Resort Online Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-25029 CRITICAL Act Now

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Buffer Overflow Microsoft RCE Privilege Escalation +1
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-3365 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Library System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Library System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3364 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Library System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Library System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3415 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Information System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Information System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-3414 MEDIUM POC This Month

A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Human Resource Information System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-3158 HIGH This Week

Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3156 HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-2444 MEDIUM POC This Month

The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inline Related Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0406 HIGH This Week

A flaw was discovered in the mholt/archiver package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Archiver Advanced Cluster Security Openshift Container Platform
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-24746 HIGH PATCH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-22328 HIGH This Week

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1385 HIGH PATCH This Week

The WP-Stateless - Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google WordPress Wp Stateless
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-1428 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-0837 MEDIUM PATCH This Month

The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Element Pack
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3245 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Embedpress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2949 MEDIUM PATCH This Month

The Carousel, Slider, Gallery by WP Carousel - Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Carousel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2471 MEDIUM PATCH This Month

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Foogallery
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2132 MEDIUM This Month

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ultimate Bootstrap Elements For Elementor Elementor Bootstrap
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2458 MEDIUM PATCH This Month

The Powerkit - Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Powerkit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2296 MEDIUM PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Photo Gallery
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-3216 MEDIUM This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Woocommerce Pdf Invoices Packing Slips Delivery Notes And Shipping Labels
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-2950 MEDIUM This Month

The BoldGrid Easy SEO - Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Easy Seo
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-2656 MEDIUM This Month

The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-1994 MEDIUM This Month

The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy