Skip to main content
CVE-2024-3400 CRITICAL POC KEV THREAT Emergency

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection via arbitrary file creation (CVSS 10.0) allowing unauthenticated root-level RCE, triggering an emergency patching directive from CISA in April 2024.

NVD Exploit-DB
CVSS 3.1
10.0
EPSS
94.3%
Threat
9.8
CVE-2023-51409 CRITICAL POC THREAT Emergency

Unrestricted file upload in Jordy Meow's AI Engine: ChatGPT Chatbot plugin for WordPress (versions up to and including 1.9.98) allows remote attackers to upload arbitrary files of dangerous types, including executable PHP scripts, leading to remote code execution on the underlying web server. With a maximum CVSS score of 10.0, an EPSS score of 92.78% (100th percentile), and publicly available exploit code, this represents an extreme-priority issue for any WordPress site running the plugin.

File Upload Ai Engine
NVD GitHub
CVSS 3.1
10.0
EPSS
92.8%
Threat
6.3
CVE-2024-30850 POC PATCH THREAT Act Now

DO NOT USE THIS CVE RECORD. Public exploit code available and EPSS exploitation probability 80.5%.

Information Disclosure Chaos
NVD VulDB
EPSS
80.5%
CVE-2024-3691 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31818 CRITICAL POC Act Now

Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Derbynet
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-28718 CRITICAL POC PATCH Act Now

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Magnum
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-3698 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3697 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3696 HIGH POC This Week

A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3690 HIGH POC This Week

A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Small Crm
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-31839 MEDIUM POC This Month

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Chaos
NVD GitHub
CVSS 3.1
4.8
EPSS
8.1%
CVE-2024-3686 HIGH POC This Week

A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Dedecms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-29400 HIGH POC This Week

An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-3054 HIGH PATCH Act Now

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.5%.

Deserialization PHP Information Disclosure WordPress Migration Backup Staging
NVD
CVSS 3.1
7.2
EPSS
20.5%
CVE-2024-29461 MEDIUM POC This Month

An issue in Floodlight SDN OpenFlow Controller v.1.2 allows a remote attacker to cause a denial of service via the datapath id component. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Sdn Controller
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-22734 MEDIUM POC This Month

An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trux Waste Management
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2024-30845 MEDIUM POC This Month

Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Rainbow External Link Network Disk
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-3704 CRITICAL Act Now

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Opengnsys
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3685 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in DedeCMS 5.7.112-UTF8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-28878 CRITICAL Act Now

IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-3695 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-3092 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-2279 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-30407 CRITICAL Act Now

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2024-3211 HIGH This Week

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-51515 HIGH This Week

Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.8.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-32003 HIGH PATCH This Week

wn-dusk-plugin (Dusk plugin) is a plugin which integrates Laravel Dusk browser testing into Winter CMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP Google
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-29022 HIGH This Week

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22358 HIGH This Week

IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Devops Deploy Urbancode Deploy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3705 HIGH This Week

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Opengnsys
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30398 HIGH This Week

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30397 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-30392 HIGH This Week

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-30382 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-30405 HIGH This Week

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30395 HIGH This Week

An Improper Validation of Specified Type of Input vulnerability in Routing Protocol Daemon (RPD) of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause Denial of. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-30394 HIGH This Week

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-21598 HIGH This Week

An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-30381 HIGH This Week

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Juniper Networks Paragon Active Assurance Control Center allows a network-adjacent attacker with root access to a Test. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Paragon Active Assurance Control Center
NVD
CVSS 4.0
8.4
EPSS
0.5%
CVE-2024-32005 HIGH PATCH This Week

NiceGUI is an easy-to-use, Python-based UI framework. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-30402 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.5%
CVE-2024-30401 HIGH This Week

An Out-of-bounds Read vulnerability in the advanced forwarding management process aftman of Juniper Networks Junos OS on MX Series with MPC10E, MPC11, MX10K-LC9600 line cards, MX304, and EX9200-15C,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Junos
NVD
CVSS 4.0
8.2
EPSS
0.6%
CVE-2024-25545 HIGH This Week

An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Weave Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28869 HIGH PATCH This Week

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-3706 HIGH This Week

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Opengnsys
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31069 HIGH This Week

IO-1020 Micro ELD web server uses a default password for authentication. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-30210 HIGH This Week

IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2024-27309 HIGH PATCH This Week

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Kafka
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2024-29023 HIGH This Week

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-30403 HIGH This Week

A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
7.1
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy