Skip to main content
CVE-2024-3740 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nginxwebui
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3739 CRITICAL POC Act Now

A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nginxwebui
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-3738 CRITICAL POC Act Now

A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nginxwebui
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-3737 CRITICAL POC Act Now

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nginxwebui
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3719 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP House Rental Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3736 HIGH POC This Week

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nginxwebui
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3721 MEDIUM POC THREAT This Month

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
86.5%
CVE-2024-2583 MEDIUM POC This Month

The WP Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-32487 HIGH PATCH This Week

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Command Injection Less Debian Linux Bootstrap Os Hci Storage Nodes +1
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-1957 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Givewp
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-3027 MEDIUM This Month

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-3735 MEDIUM This Month

A vulnerability was found in Smart Office up to 20240405. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Brute Force Information Disclosure Microsoft
NVD VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-3720 MEDIUM This Month

A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-26817 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-6494 MEDIUM PATCH This Month

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpc Smart Quick View For Woocommerce
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-3662 MEDIUM This Month

The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy