Skip to main content
CVE-2024-2961 HIGH POC THREAT Act Now

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.6%.

Memory Corruption Buffer Overflow
NVD VulDB
CVSS 3.1
7.3
EPSS
92.6%
Threat
5.7
CVE-2024-32161 CRITICAL POC Act Now

jizhiCMS 2.5 suffers from a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jizhicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30990 CRITICAL POC Act Now

SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-30985 CRITICAL POC Act Now

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30981 CRITICAL POC Act Now

SQL Injection vulnerability in /edit-computer-detail.php in phpgurukul Cyber Cafe Management System Using PHP & MySQL v1.0 allows attackers to run arbitrary SQL commands via editid in the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cyber Cafe Management System
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30980 CRITICAL POC Act Now

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the Computer Location parameter in manage-computer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cyber Cafe Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32318 CRITICAL POC Act Now

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32286 CRITICAL POC Act Now

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32301 CRITICAL POC Act Now

Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Information Disclosure Ac7 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3908 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-3907 CRITICAL POC Act Now

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32340 CRITICAL POC Act Now

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the WEBSITE TITLE. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-32299 HIGH POC This Week

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1203 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-32292 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection W30e Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-32281 HIGH POC This Week

Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac7 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-3910 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3906 HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3905 HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-3833 HIGH POC THREAT This Week

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
15.0%
CVE-2024-3832 HIGH POC This Week

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-32293 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
5.6%
CVE-2024-32285 HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-32310 HIGH POC This Week

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow F1203 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-31041 HIGH POC This Week

Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31031 HIGH POC This Week

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcoap Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-32317 HIGH POC This Week

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-32291 HIGH POC This Week

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32307 HIGH POC This Week

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-32283 HIGH POC This Week

Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh1203 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-32345 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-32344 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cmsimple
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-30988 MEDIUM POC This Month

Cross Site Scripting vulnerability in /search-invoices.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-30987 MEDIUM POC This Month

Cross Site Scripting vulnerability in /bwdates-reports-ds.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and obtain sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-32290 MEDIUM POC This Month

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2024-30986 MEDIUM POC This Month

Cross Site Scripting vulnerability in /edit-services-details.php of phpgurukul Client Management System using PHP & MySQL 1.1 allows attackers to execute arbitrary code and via "price" and "sname". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Client Management System
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32316 MEDIUM POC This Month

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32311 MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1203 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32287 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32313 MEDIUM POC This Month

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1205 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-32163 MEDIUM POC This Month

CMSeasy 7.7.7.9 is vulnerable to code execution. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

RCE Path Traversal Cmseasy
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-32288 MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-32472 MEDIUM POC PATCH This Month

excalidraw is an open source virtual hand-drawn style whiteboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-32343 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32342 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32339 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32337 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30953 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Htmly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-30951 MEDIUM POC This Month

FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3847 MEDIUM POC This Month

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Fedora
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-3841 MEDIUM POC This Month

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy