Skip to main content
CVE-2024-24809 HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
CVSS 3.1
8.5
EPSS
54.4%
CVE-2024-31997 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
73.9%
CVE-2024-31988 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python CSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31987 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31986 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31984 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
83.0%
CVE-2024-31983 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31981 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-31465 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
75.6%
CVE-2024-29269 HIGH POC This Week

An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tlr 2005Ksh Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.8%
CVE-2024-2196 HIGH POC This Week

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Aim
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-27474 HIGH POC This Week

Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Leantime
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3540 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3539 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3538 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3537 HIGH POC This Week

A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-3536 HIGH POC This Week

A vulnerability has been found in Campcodes Church Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Church Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-29504 HIGH POC This Week

Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Summernote
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-29903 HIGH POC PATCH This Week

Cosign provides code signing and transparency for containers and binaries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cosign
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3569 HIGH POC PATCH This Week

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-2217 HIGH POC PATCH This Week

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-1902 HIGH POC PATCH This Week

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-1728 HIGH POC PATCH THREAT This Week

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal File Upload Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
85.4%
CVE-2024-3283 HIGH POC PATCH This Week

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Anythingllm
NVD GitHub
CVSS 3.0
7.2
EPSS
0.9%
CVE-2024-3101 HIGH POC PATCH This Week

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-26362 HIGH This Week

HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Microsoft Password Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2243 HIGH This Week

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Csmock
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-31355 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.7.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-52070 HIGH This Week

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Jfreechart
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-0218 HIGH This Week

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-31872 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-31871 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Python Information Disclosure Security Verify Access
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-20759 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2024-31492 HIGH This Week

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Forticlient
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20772 HIGH This Week

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-22450 HIGH This Week

Dell Alienware Command Center, versions prior to 6.2.7.0, contain an uncontrolled search path element vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-31240 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.1. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wp Poll Maker
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-31259 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Searchiq
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-31343 HIGH This Week

Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mp3 Audio Player For Music Radio Podcast
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-23076 HIGH This Week

JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Jfreechart
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-31356 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-23077 HIGH This Week

JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the component /chart/plot/CompassPlot.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jfreechart
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31358 HIGH This Week

Missing Authorization vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.2.67. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-31297 HIGH This Week

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wholesale For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-3385 HIGH This Week

A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3384 HIGH This Week

A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Microsoft Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3382 HIGH This Week

A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto Denial Of Service Pan Os
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-31873 HIGH This Week

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Verify Access
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-3020 HIGH This Week

The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-31999 HIGH PATCH This Week

@festify/secure-session creates a secure stateless cookie session for Fastify. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy