Skip to main content
CVE-2024-32128 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.14.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

SQLi
NVD
CVSS 3.1
9.3
EPSS
11.0%
CVE-2024-32136 HIGH Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.0.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.8% and no vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
32.8%
CVE-2024-28557 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Php Task Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28556 CRITICAL POC Act Now

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Php Task Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28056 CRITICAL POC PATCH Act Now

Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Authentication Bypass Amplify Cli
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-3797 CRITICAL POC Act Now

A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Qr Code Bookmark System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3770 CRITICAL POC Act Now

A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3769 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-31650 CRITICAL POC Act Now

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
CVE-2024-28558 HIGH POC This Week

SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Petrol Pump Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-22014 HIGH POC This Week

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft 360 Total Security
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3771 HIGH POC This Week

A vulnerability was found in PHPGurukul Student Record System 3.20 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-1755 HIGH POC This Week

The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow WordPress CSRF Nps Computy
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-2739 HIGH POC This Week

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Advanced Search
NVD WPScan
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-0399 HIGH POC This Week

The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Woocommerce Customers Manager
NVD WPScan Exploit-DB
CVSS 3.1
8.1
EPSS
2.9%
CVE-2024-3772 HIGH POC PATCH This Week

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pydantic Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-1307 MEDIUM POC This Month

The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Smart Forms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31651 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31652 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31648 MEDIUM POC This Month

Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection XSS RCE Insurance Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-2857 MEDIUM POC This Month

The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Simple Buttons Creator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-32139 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.0.12. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Podlove Podcast Publisher
NVD
CVSS 3.1
8.5
EPSS
7.3%
CVE-2024-23486 CRITICAL Act Now

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wsr 2533Dhp Firmware Wsr 2533Dhpl Firmware Wsr 2533Dhp2 Firmware Wsr A2533Dhp2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3701 CRITICAL Act Now

The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hios
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3777 CRITICAL Act Now

The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Qbibot
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29844 CRITICAL Act Now

Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evolution
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-29836 CRITICAL Act Now

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evolution
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31649 MEDIUM POC This Month

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cosmetics And Beauty Product Online Store
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1849 MEDIUM POC This Month

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Wp Customer Reviews
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1846 MEDIUM POC This Month

The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Tabs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-1746 MEDIUM POC This Month

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Testimonial Slider And Showcase
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1306 MEDIUM POC This Month

The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Smart Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-3768 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Portal Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-3767 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Portal Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-24486 CRITICAL Act Now

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ds 600 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-3781 CRITICAL Act Now

Command injection vulnerability in the operating system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wbsairback
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-1310 MEDIUM POC This Month

The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Woocommerce
NVD WPScan
CVSS 3.1
4.9
EPSS
0.7%
CVE-2024-31424 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.6.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3782 HIGH This Week

Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wbsairback
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-30220 HIGH This Week

Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Mzk Mf300N Firmware Mzk Mf300Hp2 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-29218 HIGH This Week

Out-of-bounds write vulnerability exists in KV STUDIO Ver.11.64 and earlier, KV REPLAY VIEWER Ver.2.64 and earlier, and VT5-WX15/WX12 Ver.6.02 and earlier, which may lead to information disclosure or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Memory Corruption Kv Replay Viewer +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2858 MEDIUM POC This Month

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Simple Buttons Creator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-2836 MEDIUM POC This Month

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Super Socializer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-1660 MEDIUM POC This Month

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Top Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-0902 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fancy Product Designer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-1655 HIGH This Week

Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-29837 HIGH This Week

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Evolution
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-1754 MEDIUM POC This Month

The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nps Computy
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-1712 MEDIUM POC This Month

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider
NVD WPScan
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-32127 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Markus Seyer Find Duplicates.4.6. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Find Duplicates
NVD
CVSS 3.1
8.5
EPSS
0.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy