Skip to main content
CVE-2024-31819 CRITICAL POC PATCH THREAT Act Now

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Avideo
NVD GitHub
CVSS 3.1
9.8
EPSS
15.6%
CVE-2024-31214 CRITICAL POC PATCH THREAT Act Now

Traccar is an open source GPS tracking system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS File Upload Traccar
NVD GitHub
CVSS 3.1
9.6
EPSS
17.6%
CVE-2024-24809 HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
CVSS 3.1
8.5
EPSS
54.4%
CVE-2024-3566 CRITICAL POC Act Now

Command injection via Windows CreateProcess argument parsing affects multiple language runtimes and tooling (Node.js, PHP, Rust, Haskell process library, yt-dlp) that wrap the API without compensating for its quirks. Remote attackers can smuggle additional commands through arguments passed to child processes when applications spawn batch files or otherwise rely on CreateProcess's implicit cmd.exe handling. Publicly available exploit code exists and EPSS of 7.09% (92nd percentile) signals elevated, though not confirmed in-the-wild, exploitation interest; this CVE is not listed in CISA KEV.

Command Injection Microsoft Process Library Node Js PHP +2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2024-3025 CRITICAL POC PATCH Act Now

mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Anythingllm
NVD GitHub
CVSS 3.0
9.9
EPSS
1.0%
CVE-2024-31996 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-31982 CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
34.3%
CVE-2024-29500 CRITICAL POC Act Now

An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Secure Lockdown
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-2952 CRITICAL POC PATCH MAL Act Now

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Litellm
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2024-2221 CRITICAL POC PATCH Act Now

{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE Path Traversal File Upload Qdrant
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2024-2195 CRITICAL POC Act Now

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Aim
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2024-2029 CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Command Injection Localai
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2024-1520 CRITICAL POC PATCH THREAT Act Now

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Command Injection Lollms Web Ui
NVD GitHub
CVSS 3.0
9.8
EPSS
48.2%
CVE-2024-1511 CRITICAL POC Act Now

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lollms Web Ui
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2024-3535 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Campcodes Church Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-3534 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Campcodes Church Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-3568 CRITICAL POC PATCH Act Now

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()`. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Checkpoint Transformers
NVD GitHub
CVSS 3.1
9.6
EPSS
2.1%
CVE-2024-1600 CRITICAL POC PATCH THREAT Act Now

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI PHP Path Traversal Lollms Web Ui
NVD GitHub
CVSS 3.0
9.3
EPSS
31.1%
CVE-2024-1741 CRITICAL POC PATCH Act Now

lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1740 CRITICAL POC PATCH Act Now

In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-31997 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.9%
CVE-2024-31988 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python CSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31987 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31986 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31984 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
83.0%
CVE-2024-31983 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31981 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31465 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.6%
CVE-2024-29269 HIGH POC This Week

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tlr 2005Ksh Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.8%
CVE-2024-2196 HIGH POC This Week

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Aim
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-27474 HIGH POC This Week

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Leantime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3540 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3539 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3538 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3537 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3536 HIGH POC This Week

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-29504 HIGH POC This Week

Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Summernote
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-29903 HIGH POC PATCH This Week

Cosign provides code signing and transparency for containers and binaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cosign
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3569 HIGH POC PATCH This Week

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-2217 HIGH POC PATCH This Week

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-1902 HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-1728 HIGH POC PATCH THREAT This Week

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal File Upload Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
85.4%
CVE-2024-3283 HIGH POC PATCH This Week

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
0.9%
CVE-2024-3101 HIGH POC PATCH This Week

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-29460 MEDIUM POC This Month

An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-29502 MEDIUM POC This Month

An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Secure Lockdown
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-3515 MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-1625 MEDIUM POC PATCH This Month

An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21509 MEDIUM POC PATCH This Month

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Mysql2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-1602 MEDIUM POC This Month

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Lollms Web Ui
NVD
CVSS 3.1
6.1
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy