Skip to main content
CVE-2024-3425 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3424 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3423 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3422 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3421 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3420 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Courseware 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3419 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3418 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3417 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Courseware 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3416 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Courseware 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Courseware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3432 HIGH POC This Week

A vulnerability was found in PuneethReddyHC Event Management 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Management
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3428 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-31286 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-31280 CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.1.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-3433 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Event Management
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3427 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3426 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Courseware
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-31345 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2024-30415 CRITICAL Act Now

Vulnerability of improper permission control in the window management module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-3431 HIGH This Week

A vulnerability was found in EyouCMS 1.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Eyoucms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31277 HIGH This Week

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.0.32. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-31234 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam REHub Framework.6.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-31233 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sizam Rehub.6.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-31260 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.0.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Edwiser Bridge
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-31241 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.0.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-30418 HIGH This Week

Vulnerability of insufficient permission verification in the app management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30417 HIGH This Week

Path traversal vulnerability in the Bluetooth-based sharing module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30416 HIGH This Week

Use After Free (UAF) vulnerability in the underlying driver module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-30414 HIGH This Week

Command injection vulnerability in the AccountManager module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-30413 HIGH This Week

Vulnerability of improper permission control in the window management module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31292 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.1.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-31288 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize.2.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-31255 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts allows Reflected XSS.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-31256 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebinarPress allows Reflected XSS.33.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6877 MEDIUM PATCH This Month

The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Rss Aggregator By Feedzy
NVD VulDB
CVSS 3.1
6.4
EPSS
0.7%
CVE-2024-31306 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.5.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Essential Blocks
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31236 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.3.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Royal Elementor Addons Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31348 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31349 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch - Grow your Email List allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailmunch
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31346 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31258 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.Company Form to Chat App allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31257 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formsite Formsite | Embed online forms to collect orders, registrations, leads, and surveys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-31951 MEDIUM PATCH This Month

In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31950 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31949 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-31948 MEDIUM PATCH This Month

In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-31344 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler - White Label Admin Login Page for WordPress allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-31308 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.9.26. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp Import Export Lite
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-22155 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31291 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy