Skip to main content
CVE-2024-28741 HIGH POC THREAT Act Now

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
8.8
EPSS
78.2%
CVE-2024-3369 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3362 HIGH POC This Week

A vulnerability was found in SourceCodester Online Library System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3361 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Library System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Library System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27620 HIGH POC This Week

An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-3158 HIGH This Week

Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3156 HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-0406 HIGH This Week

A flaw was discovered in the mholt/archiver package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Archiver Advanced Cluster Security Openshift Container Platform
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-24746 HIGH PATCH This Week

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Nimble
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-22328 HIGH This Week

IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Maximo Application Suite
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-1385 HIGH PATCH This Week

The WP-Stateless - Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google WordPress Wp Stateless
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy