Skip to main content
CVE-2024-31615 CRITICAL POC Act Now

ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Thinkcmf
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22391 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-22373 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-4024 HIGH POC THREAT This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.8 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
14.9%
CVE-2024-4170 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4169 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-33247 HIGH POC This Week

Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee Task Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4168 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4167 HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-4166 HIGH POC This Week

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow 4G300 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-2434 HIGH POC THREAT This Week

An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Path Traversal
NVD
CVSS 3.1
8.1
EPSS
22.9%
CVE-2024-32324 HIGH POC This Week

Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Lbt T300 T400 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-31609 HIGH POC This Week

Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bosscms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-30939 MEDIUM POC This Month

An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vp59 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-2907 MEDIUM POC This Month

The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Absolutely Glamorous Custom Admin
NVD WPScan
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-32467 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1102 MEDIUM POC PATCH This Month

A vulnerability was found in jberet-core logging. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jberet Jboss Enterprise Application Platform
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-25569 MEDIUM POC This Month

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grassroots Dicom Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-31610 MEDIUM POC This Month

File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple School Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-0916 CRITICAL Act Now

Unauthenticated file upload allows remote code execution.0.0 through 1.1.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-51482 CRITICAL Act Now

Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs.1.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-51484 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in wp-buy Login as User or Customer (User Switching) login-as-customer-or-user allows Privilege Escalation.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-51478 CRITICAL Act Now

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.0.19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Build App Online
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-4165 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-4164 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-4173 CRITICAL Act Now

A vulnerability in Brocade SANnav exposes Kafka in the wan interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-30560 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.0.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-32649 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-32648 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-32647 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-32646 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-32645 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-32481 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-31266 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.4.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Code Injection
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-22144 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.21.96. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-31574 MEDIUM POC This Month

Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Twcms
NVD GitHub
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-25917 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.0.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3622 HIGH This Week

A flaw was found when using mirror-registry to install Quay. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mirror Registry
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4171 HIGH This Week

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W30e Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-3265 MEDIUM POC This Month

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Advance Search
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-30890 MEDIUM POC This Month

Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ed01 Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-4172 MEDIUM POC This Month

A vulnerability classified as problematic was found in idcCMS 1.35. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4006 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-1657 HIGH This Week

A flaw was found in the ansible automation platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-28241 HIGH PATCH This Week

The GLPI Agent is a generic management agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Glpi Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28240 HIGH PATCH This Week

The GLPI Agent is a generic management agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Glpi Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-1139 HIGH This Week

A credentials leak vulnerability was found in the cluster monitoring operator in OCP. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2024-32358 HIGH This Week

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Jpress
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-32236 LOW POC Monitor

An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-25026 HIGH This Week

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy