Skip to main content
CVE-2024-25852 HIGH POC THREAT This Week

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Linksys Re7000 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
16.5%
CVE-2024-22719 HIGH POC This Week

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Form Tools
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-51142 HIGH POC This Week

An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biotime
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29399 HIGH POC This Week

An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. Rated high severity (CVSS 7.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Savane
NVD GitHub
CVSS 3.1
7.6
EPSS
0.9%
CVE-2024-28458 HIGH POC This Week

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Swftools
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-22722 HIGH POC This Week

Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Form Tools
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-3621 HIGH POC This Week

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3620 HIGH POC This Week

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3619 HIGH POC This Week

A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3618 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3617 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-30916 HIGH POC This Week

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-30884 HIGH POC This Week

Reflected Cross-Site Scripting (XSS) vulnerability in Discuz!. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Discuzx
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-25572 HIGH This Week

Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ninja Forms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-29019 HIGH PATCH This Week

ESPHome is a system to control microcontrollers remotely through Home Automation systems. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-25376 HIGH This Week

An issue discovered in Thesycon Software Solutions Gmbh & Co. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Tusbaudio
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30273 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30272 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-30271 HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-20797 HIGH This Week

Animate versions 23.0.4, 24.0.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20795 HIGH This Week

Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-2740 HIGH This Week

Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-51672 HIGH This Week

Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.10.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-6811 HIGH This Week

The Language Translate Widget for WordPress - ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key’ parameter in all versions up to, and including, 223 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-27992 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS.6.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-31285 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-2741 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy