Skip to main content
CVE-2024-3465 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Laundry Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3464 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3458 CRITICAL POC Act Now

A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3457 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3456 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3455 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3445 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Laundry Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31807 CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-3439 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3438 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31815 CRITICAL POC Act Now

In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-27632 HIGH POC This Week

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Savane
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3466 HIGH POC This Week

A vulnerability was found in SourceCodester Laundry Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24279 HIGH POC This Week

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secdiskapp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-3442 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3441 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31814 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.6%
CVE-2024-31809 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31808 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-28066 HIGH POC This Week

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 6940W Firmware 6930W Firmware 6920W Firmware 6970 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31811 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-27630 HIGH POC This Week

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Savane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28732 HIGH POC This Week

An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ryu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-31817 HIGH POC THREAT This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
55.3%
CVE-2024-3440 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3436 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-3437 MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-1588 MEDIUM POC This Month

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sendpress
NVD WPScan
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-31805 MEDIUM POC This Month

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to start the Telnet service without authorization via the telnet_enabled parameter in the setTelnetCfg function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1956 MEDIUM POC This Month

The wpb-show-core WordPress plugin before 2.7 does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-1752 MEDIUM POC This Month

The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Font Farsi
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1589 MEDIUM POC This Month

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sendpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27631 MEDIUM POC PATCH This Month

Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Savane
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-23086 CRITICAL Act Now

Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apfloat
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31221 MEDIUM POC PATCH This Month

Sunshine is a self-hosted game stream host for Moonlight. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available.

Session Fixation Information Disclosure Sunshine
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-31224 CRITICAL PATCH Act Now

GPT Academic provides interactive interfaces for large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Gpt Academic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31022 CRITICAL Act Now

An issue was discovered in CandyCMS version 1.0.0, allows remote attackers to execute arbitrary code via the install.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Candycms
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-27488 CRITICAL Act Now

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3463 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3443 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30269 MEDIUM POC THREAT This Month

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dataease
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
16.0%
CVE-2024-22949 CRITICAL Act Now

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jfreechart
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-23078 CRITICAL Act Now

JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-31442 HIGH PATCH This Week

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Roblox Purchasing Hub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1958 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-28744 HIGH This Week

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2834 HIGH This Week

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-1292 MEDIUM POC This Month

The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpb Show Core
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-31813 HIGH This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-0082 HIGH This Week

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Nvidia Microsoft Chatrtx
NVD
CVSS 3.1
8.2
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy