Skip to main content
CVE-2024-27477 MEDIUM POC This Month

In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modification functionality, allowing attackers to inject malicious JavaScript code into the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS Leantime
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3542 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Church Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Church Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-3541 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Church Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Church Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-3533 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Complete Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3532 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Complete Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3531 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3530 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-3529 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3528 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Online Student Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-3098 CRITICAL PATCH Act Now

A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2024-3120 CRITICAL PATCH Act Now

A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Sngrep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-3119 CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Sngrep
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-29296 MEDIUM POC This Month

A user enumeration vulnerability was found in Portainer CE 2.19.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Portainer
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-28345 MEDIUM POC This Month

An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Next Generation Communication Platform
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-3567 MEDIUM POC This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-31985 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3570 MEDIUM POC PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Anythingllm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3526 MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Event Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3525 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3524 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Event Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-21507 MEDIUM POC PATCH This Month

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Mysql2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-23080 CRITICAL Act Now

Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-31461 CRITICAL Act Now

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-3383 CRITICAL Act Now

A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-1643 CRITICAL Act Now

By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure
NVD GitHub
CVSS 3.0
9.1
EPSS
0.7%
CVE-2024-20758 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution on the. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Adobe Commerce Magento
NVD
CVSS 3.1
9.0
EPSS
1.4%
CVE-2024-26362 HIGH This Week

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Microsoft Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2243 HIGH This Week

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Csmock
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-27476 MEDIUM POC This Month

Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Leantime
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-2428 MEDIUM POC This Month

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Presto Player
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-31355 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.7.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-52070 HIGH This Week

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Jfreechart
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-0218 HIGH This Week

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-31872 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-31871 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Python Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-20759 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-31492 HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20772 HIGH This Week

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22450 HIGH This Week

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31240 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wp Poll Maker
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-31259 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Searchiq
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-31343 HIGH This Week

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mp3 Audio Player For Music Radio Podcast
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23076 HIGH This Week

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Jfreechart
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-31356 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-23077 HIGH This Week

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jfreechart
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31358 HIGH This Week

Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.2.67. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31297 HIGH This Week

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wholesale For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-3385 HIGH This Week

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3384 HIGH This Week

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3382 HIGH This Week

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Denial Of Service Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy