Skip to main content
CVE-2024-4548 CRITICAL POC THREAT Emergency

An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
9.8
EPSS
29.4%
CVE-2024-34069 HIGH POC PATCH Act Now

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Werkzeug Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2024-34532 CRITICAL POC Act Now

A SQL injection vulnerability in Yvan Dotet PostgreSQL Query Deluxe module (aka query_deluxe) 17.x before 17.0.0.4 allows a remote attacker to gain privileges via the query parameter to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PostgreSQL
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-33411 CRITICAL POC Act Now

A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-33409 CRITICAL POC Act Now

SQL injection vulnerability in index.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-33408 CRITICAL POC Act Now

A SQL injection vulnerability in /model/get_classroom.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-33403 CRITICAL POC Act Now

A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34249 CRITICAL POC Act Now

wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-4547 CRITICAL POC Act Now

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Diaenergie
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-33110 CRITICAL POC Act Now

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link PHP Dir 845L Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-33749 CRITICAL POC Act Now

DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dedecms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-33405 HIGH POC This Week

SQL injection vulnerability in add_friends.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the friend_index parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-34470 HIGH POC This Week

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Mailinspector
NVD GitHub
CVSS 3.1
8.6
EPSS
6.7%
CVE-2024-33404 HIGH POC This Week

A SQL injection vulnerability in /model/add_student_first_payment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.3
EPSS
0.6%
CVE-2024-32982 HIGH POC PATCH This Week

Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-33410 HIGH POC This Week

SQL injection vulnerability in /model/delete_range_grade.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-33830 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-33788 HIGH POC This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E5600 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.9%
CVE-2024-3661 HIGH POC This Week

DHCP can add routes to a client’s routing table via the classless static route option (121). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Forticlient Anyconnect Vpn Client Secure Client Globalprotect +5
NVD
CVSS 3.1
7.6
EPSS
4.1%
CVE-2024-34251 HIGH POC This Week

An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-34246 HIGH POC This Week

wasm3 v0.5.0 was discovered to contain an out-of-bound memory read which leads to segmentation fault via the function "main" in wasm3/platforms/app/main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34252 HIGH POC This Week

wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3_compile.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33112 HIGH POC This Week

D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
6.5%
CVE-2024-4549 HIGH POC This Week

A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Diaenergie
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-3756 HIGH POC This Week

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress CSRF Mf Gig Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-34534 HIGH POC This Week

A SQL injection vulnerability in Cybrosys Techno Solutions Text Commander module (aka text_commander) 16.0 through 16.0.1 allows a remote attacker to gain privileges via the data parameter to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-34533 HIGH POC This Week

A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-33406 HIGH POC This Week

SQL injection vulnerability in /model/delete_student_grade_subject.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-28725 HIGH POC This Week

Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yzmcms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2024-33752 MEDIUM POC This Month

An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
4.6%
CVE-2024-34250 MEDIUM POC This Month

A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br". Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-4527 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4526 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4525 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4524 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4523 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4522 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4521 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4519 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4518 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4517 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4516 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4515 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4514 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-4513 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-33407 MEDIUM POC This Month

SQL injection vulnerability in /model/delete_record.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-0904 MEDIUM POC This Month

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress XSS Fancy Product Designer
NVD WPScan
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-21480 CRITICAL Act Now

Memory corruption while playing audio file having large-sized input buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +108
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-34472 MEDIUM POC This Month

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mailinspector
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2024-34471 MEDIUM POC This Month

An issue was discovered in HSC Mailinspector 5.2.17-3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mailinspector
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy