Skip to main content
CVE-2024-31546 CRITICAL POC Act Now

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-31750 CRITICAL POC THREAT Act Now

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Datacube3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2024-31547 CRITICAL POC Act Now

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-32166 HIGH POC This Week

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Webid
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-32652 HIGH POC PATCH This Week

The adapter @hono/node-server allows you to run your Hono application on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure Node Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-32650 HIGH POC PATCH This Week

Rustls is a modern TLS library written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-31846 HIGH POC This Week

An issue was discovered in Italtel Embrace 1.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Embrace
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31841 HIGH POC This Week

An issue was discovered in Italtel Embrace 1.6.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Embrace
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-22640 HIGH POC PATCH This Week

TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpdf Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-32391 HIGH POC This Week

Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Maccms
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-30974 HIGH POC This Week

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Autoexpress
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-2761 MEDIUM POC This Month

The Genesis Blocks WordPress plugin before 3.1.3 does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Genesis Blocks
NVD WPScan
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-31994 MEDIUM POC PATCH This Month

Mealie is a self hosted recipe manager and meal planner. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available.

Docker Denial Of Service Mealie
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-31450 MEDIUM POC PATCH This Month

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Owncast
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-29029 MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF XSS Memos
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-32038 CRITICAL Act Now

Wazuh is a free and open source platform used for threat prevention, detection, and response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Wazuh Microsoft
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-29966 CRITICAL Act Now

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brocade Sannav
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-29204 CRITICAL Act Now

A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-24996 CRITICAL Act Now

A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
32.2%
CVE-2024-22061 CRITICAL Act Now

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2024-30938 CRITICAL Act Now

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-27752 MEDIUM POC This Month

Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-1681 MEDIUM POC PATCH This Month

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Flask Cors
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-29030 MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2024-29028 MEDIUM POC PATCH This Month

memos is a privacy-first, lightweight note-taking service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Memos
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2024-32644 CRITICAL PATCH Act Now

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Evmos
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-27976 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-27975 HIGH This Week

An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Ivanti Memory Corruption Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-25000 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-24999 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2024-24998 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-24997 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2024-24994 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
68.1%
CVE-2024-24992 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
70.9%
CVE-2024-23535 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
68.1%
CVE-2024-23534 HIGH This Week

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-32206 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.5%
CVE-2024-29959 HIGH This Week

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-32392 MEDIUM POC This Month

Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Cmsimple
NVD GitHub
CVSS 3.1
4.5
EPSS
0.8%
CVE-2024-29961 HIGH This Week

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-27977 HIGH This Week

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Avalanche
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2024-4018 HIGH This Week

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.4 before 4.0.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft U Series Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-4017 HIGH This Week

Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.4 before 4.0.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft U Series Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1480 HIGH This Week

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-31744 HIGH This Week

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-29969 HIGH This Week

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-29960 HIGH This Week

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-29957 HIGH This Week

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-24995 HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2024-24993 HIGH This Week

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy