Skip to main content
CVE-2024-27348 CRITICAL POC KEV PATCH THREAT Act Now

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Hugegraph
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.2%
CVE-2024-4040 CRITICAL POC KEV PATCH THREAT Act Now

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Ssti Crushftp
NVD GitHub
CVSS 3.1
10.0
EPSS
99.5%
CVE-2024-32041 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32238 CRITICAL POC THREAT Act Now

H3C ER8300G2-X is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
53.2%
CVE-2024-31666 CRITICAL POC Act Now

An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Flusity
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-32418 CRITICAL POC Act Now

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP Flusity
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31545 CRITICAL POC Act Now

Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Computer Laboratory Management System
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-32461 HIGH POC PATCH THREAT This Week

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Librenms
NVD GitHub
CVSS 3.1
8.8
EPSS
19.1%
CVE-2024-32407 HIGH POC This Week

An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF RCE Relate
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-32399 HIGH POC This Week

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.6
EPSS
3.2%
CVE-2024-32480 HIGH POC PATCH THREAT This Week

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Librenms
NVD GitHub
CVSS 3.1
7.2
EPSS
20.3%
CVE-2024-31036 MEDIUM POC This Month

A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-29368 MEDIUM POC This Month

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mozilocms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-29376 MEDIUM POC PATCH This Month

Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sylius
NVD GitHub
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-32460 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32459 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-32458 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-32040 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32039 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-29661 CRITICAL Act Now

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32479 MEDIUM POC PATCH THREAT This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
34.1%
CVE-2024-27574 CRITICAL Act Now

SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-27349 CRITICAL PATCH Act Now

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.0.0 before 1.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Hugegraph
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-32394 HIGH This Week

An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
12.6%
CVE-2024-30799 MEDIUM POC This Month

An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-22811 HIGH This Week

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Pathpilot Controller
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-28699 HIGH This Week

A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Buffer Overflow RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-32656 HIGH PATCH This Week

Ant Media Server is live streaming engine software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Apache Java Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-32693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.93.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2024-22808 HIGH This Week

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pathpilot Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-32368 HIGH This Week

Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-32694 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-32682 HIGH This Week

Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.13.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prime Slider
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-32695 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Gasi Language Switcher for Transposh allows Reflected XSS.5.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-32405 LOW POC Monitor

Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Relate
NVD
CVSS 3.1
2.6
EPSS
0.5%
CVE-2024-32688 MEDIUM This Month

Missing Authorization vulnerability in Long Watch Studio MyRewards.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-32696 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Infographic Maker - iList allows Stored XSS.6.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32697 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HelloAsso allows Stored XSS.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-32698 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons.10.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-22809 MEDIUM This Month

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pathpilot Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-22807 MEDIUM This Month

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pathpilot Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-3645 MEDIUM This Month

The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-28722 MEDIUM This Month

Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE
NVD VulDB
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-32653 MEDIUM This Month

jadx is a Dex to Java decompiler. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Java
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-28436 MEDIUM This Month

Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link PHP XSS RCE
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-32690 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood RSS Feed Widget allows Stored XSS.9.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-32657 MEDIUM PATCH This Month

Hydra is a Continuous Integration service for Nix based projects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hydra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-22856 MEDIUM This Month

A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32691 MEDIUM This Month

Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.0.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-32684 MEDIUM This Month

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy