Skip to main content
CVE-2024-31678 CRITICAL POC Act Now

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29937 CRITICAL POC Act Now

NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Buffer Overflow Freebsd Openbsd
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-22718 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Form Tools
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-25852 HIGH POC THREAT This Week

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Re7000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
16.5%
CVE-2024-22719 HIGH POC This Week

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Form Tools
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-51142 HIGH POC This Week

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biotime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29399 HIGH POC This Week

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Savane
NVD GitHub
CVSS 3.1
7.6
EPSS
0.9%
CVE-2024-28458 HIGH POC This Week

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22722 HIGH POC This Week

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Form Tools
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-3621 HIGH POC This Week

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3620 HIGH POC This Week

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3619 HIGH POC This Week

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3618 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3617 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-30916 HIGH POC This Week

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-30884 HIGH POC This Week

Reflected Cross-Site Scripting (XSS) vulnerability in Discuz!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Discuzx
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-51141 MEDIUM POC This Month

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Biotime
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-22721 MEDIUM POC This Month

Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Form Tools
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-22717 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Form Tools
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30885 MEDIUM POC This Month

Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Hadsky
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-30879 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rageframe
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30878 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Rageframe
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-25912 CRITICAL Act Now

Missing Authorization vulnerability in Skymoonlabs MoveTo.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-28402 MEDIUM POC This Month

TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS X2000r Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-21508 CRITICAL PATCH Act Now

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-27683 CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-30917 MEDIUM POC This Month

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0881 MEDIUM POC THREAT This Month

The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not have proper authorization, resulting in password protected posts to be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Post Grid
NVD WPScan
CVSS 3.1
5.4
EPSS
16.9%
CVE-2024-30880 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rageframe
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3616 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Warehouse Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Warehouse Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3614 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Warehouse Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Warehouse Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3613 MEDIUM POC This Month

A vulnerability was found in SourceCodester Warehouse Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Warehouse Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3612 MEDIUM POC This Month

A vulnerability was found in SourceCodester Warehouse Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Warehouse Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-25572 HIGH This Week

Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ninja Forms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30883 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rageframe
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-27592 MEDIUM POC This Month

Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Corezoid
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-30915 MEDIUM POC This Month

An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opendds
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-29019 HIGH PATCH This Week

ESPHome is a system to control microcontrollers remotely through Home Automation systems. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-25376 HIGH This Week

An issue discovered in Thesycon Software Solutions Gmbh & Co. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Tusbaudio
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30273 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30272 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30271 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20797 HIGH This Week

Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20795 HIGH This Week

Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-2740 HIGH This Week

Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-51672 HIGH This Week

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-6811 HIGH This Week

The Language Translate Widget for WordPress - ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-27992 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.6.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-31285 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-2741 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy