Skip to main content
CVE-2024-32651 CRITICAL POC PATCH THREAT Act Now

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ssti
NVD GitHub
CVSS 3.1
10.0
EPSS
83.7%
CVE-2024-28322 CRITICAL POC Act Now

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33344 CRITICAL POC THREAT Act Now

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
19.9%
CVE-2024-0740 CRITICAL POC PATCH Act Now

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Target Management
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-33343 HIGH POC This Week

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.3%
CVE-2024-3075 HIGH POC This Week

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mm Email2Image
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-3962 CRITICAL PATCH Act Now

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5%.

WordPress File Upload RCE Product Addons Fields For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
10.5%
CVE-2024-31755 HIGH POC This Week

cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cjson
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-33342 HIGH POC This Week

D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 822 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-32406 HIGH POC This Week

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Ssti Relate
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-32880 HIGH POC This Week

pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python File Upload Pyload
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-3154 HIGH POC PATCH This Week

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2024-33258 HIGH POC This Week

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-33669 MEDIUM POC PATCH This Month

An issue was discovered in Passbolt Browser Extension before 4.6.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Passbolt Browser Extension
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-33663 MEDIUM POC PATCH This Month

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure SSH Python Jose
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-3188 MEDIUM POC This Month

The WP Shortcodes Plugin - Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-2603 MEDIUM POC This Month

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Salon Booking System
NVD WPScan
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-0905 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fancy Product Designer
NVD WPScan
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-33255 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-31828 MEDIUM POC This Month

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Lavalite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-31741 MEDIUM POC This Month

Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Minicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-32766 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
10.0
EPSS
2.3%
CVE-2024-32764 CRITICAL Act Now

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Myqnapcloud Link
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-2310 MEDIUM POC This Month

The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Google Wp Google Review Slider
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-30804 CRITICAL Act Now

An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32881 CRITICAL Act Now

Danswer is the AI Assistant connected to company's docs, apps, and people. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31601 CRITICAL Act Now

An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-22633 CRITICAL Act Now

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hprinter parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-22632 CRITICAL Act Now

Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3059 MEDIUM POC This Month

The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Enl Newsletter
NVD WPScan
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-33259 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-3048 MEDIUM POC This Month

The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bannerlid
NVD WPScan
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-3058 MEDIUM POC This Month

The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Enl Newsletter
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-2837 MEDIUM POC This Month

The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Chat App
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-33664 MEDIUM POC PATCH This Month

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Jose
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-25343 CRITICAL Act Now

Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Tenda N300 Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33260 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jerryscript
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-33668 CRITICAL Act Now

An issue was discovered in Zammad before 6.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zammad
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-33661 CRITICAL PATCH Act Now

Portainer before 2.20.0 allows redirects when the target is not index.yaml. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Portainer
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-4235 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Dg834Gv5 Firmware
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-4244 HIGH This Week

A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4243 HIGH This Week

A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4242 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4241 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-4240 HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow W9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4239 HIGH This Week

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-32878 HIGH This Week

Llama.cpp is LLM inference in C/C++. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Llama Cpp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-4238 HIGH This Week

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4237 HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1806 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4236 HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Ax1803 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
14.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy