Skip to main content
CVE-2024-33111 MEDIUM POC This Month

D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP XSS Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-33829 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-3755 MEDIUM POC This Month

The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mf Gig Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3752 MEDIUM POC This Month

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Crelly Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-4512 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-33113 MEDIUM POC This Month

D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Command Injection Dir 845L Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
3.4%
CVE-2024-34525 MEDIUM POC This Month

FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filecodebox
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-33294 CRITICAL Act Now

An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-34524 CRITICAL Act Now

In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-30973 HIGH This Week

An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbtirary code and obtain sensitive information via crafted POST request to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-34092 HIGH This Week

An issue was discovered in Archer Platform 6 before 2024.04. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4528 MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Prison Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-34378 HIGH This Week

Missing Authorization vulnerability in LeadConnector.7. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-34412 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.8.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-32807 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-3576 HIGH This Week

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-33599 HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc Debian Linux H300s Firmware +6
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-33753 HIGH This Week

Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-29941 HIGH This Week

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-23354 HIGH PATCH This Week

Memory corruption when the IOCTL call is interrupted by a signal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6900 Firmware +72
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-23351 HIGH PATCH This Week

Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Buffer Overflow Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +88
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21476 HIGH This Week

Memory corruption when the channel ID passed by user is not validated and further used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +42
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21475 HIGH PATCH This Week

Memory corruption when the payload received from firmware is not as per the expected protocol size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Memory Corruption 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +226
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21474 HIGH This Week

Memory corruption when size of buffer from previous call is used without validation or re-initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ar8035 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21471 HIGH PATCH This Week

Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware C V2x 9150 Firmware +167
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-20064 HIGH This Week

In wlan service, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-34528 HIGH PATCH This Week

WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-34386 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.4.3.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-34388 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33602 HIGH This Week

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2024-33118 HIGH This Week

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Luckyframeweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-32972 HIGH PATCH This Week

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-21477 HIGH This Week

Transient DOS while parsing a protected 802.11az Fine Time Measurement (FTM) frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Ar8035 Firmware Csr8811 Firmware Fastconnect 6200 Firmware +178
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-34538 HIGH This Week

Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-34527 HIGH This Week

spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-33601 HIGH This Week

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Glibc Debian Linux H300s Firmware H500s Firmware +8
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-20057 HIGH This Week

In keyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-4510 HIGH This Week

A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
7.1%
CVE-2024-4509 HIGH This Week

A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
6.9%
CVE-2024-4508 HIGH This Week

A vulnerability was found in Ruijie RG-UAC up to 20240428. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
7.1%
CVE-2024-4507 HIGH This Week

A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 Firmware Rg Uac 6000 E10C Firmware +24
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
7.9%
CVE-2024-33912 HIGH This Week

Missing Authorization vulnerability in Academy LMS.9.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academy Lms
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-34369 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.35.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34367 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-20059 MEDIUM This Month

In da, there is a possible escalation of privilege due to an incorrect status check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20056 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rdk B Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20021 MEDIUM This Month

In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-33576 MEDIUM This Month

Missing Authorization vulnerability in Ollybach WPPizza.18.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-34376 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34381 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Propertyhive
NVD
CVSS 3.1
6.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy