Skip to main content
CVE-2024-25510 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-25508 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32370 CRITICAL POC Act Now

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Mailinspector
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-4346 CRITICAL Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
9.1
EPSS
22.2%
CVE-2024-25514 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /SysManage/wf_template_child_field_list.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25511 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25509 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-25507 CRITICAL POC Act Now

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
9.4
EPSS
0.6%
CVE-2024-4345 CRITICAL Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.0% and no vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
9.8
EPSS
15.0%
CVE-2024-25512 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-29889 HIGH POC PATCH THREAT This Week

GLPI is a Free Asset and IT Management Software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
63.0%
CVE-2024-25513 HIGH POC This Week

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruvaroa
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34315 HIGH POC This Week

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Cmseasy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-34523 HIGH POC This Week

AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-32371 HIGH POC This Week

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mailinspector
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33782 HIGH POC This Week

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33781 HIGH POC This Week

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::get_bytes in /Tools/octetStream.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33434 CRITICAL PATCH GHSA Act Now

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-4559 MEDIUM POC This Month

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-4595 MEDIUM POC This Month

A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Semcms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-33783 MEDIUM POC This Month

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-33780 MEDIUM POC This Month

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Multi Protocol Spdz
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-2913 MEDIUM POC This Month

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Anythingllm
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2024-33120 CRITICAL Act Now

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Roothub
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4186 CRITICAL Act Now

The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33164 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33155 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33153 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33124 CRITICAL Act Now

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Roothub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33857 CRITICAL Act Now

An issue was discovered in Logpoint before 7.4.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Siem
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-34397 MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glib Debian Linux Fedora Ontap Tools
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2024-33146 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the export function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-34346 CRITICAL PATCH Act Now

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Deno
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-33147 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-29150 HIGH This Week

An issue was discovered in Alcatel-Lucent ALE NOE deskphones through 86x8_NOE-R300.1.40.12.4180 and SIP deskphones through 86x8_SIP-R200.1.01.10.728. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33144 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findApplyedTasksPage function in BpmTaskMapper.xml. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4594 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-32369 MEDIUM POC This Month

SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Mailinspector
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-4593 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4592 MEDIUM POC This Month

A vulnerability classified as problematic was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4591 MEDIUM POC This Month

A vulnerability classified as problematic has been found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4590 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4589 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4588 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4587 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7 and classified as problematic.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4586 MEDIUM POC This Month

A vulnerability has been found in DedeCMS 5.7 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-4585 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dedecms
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-33149 HIGH This Week

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-22472 HIGH This Week

A buffer Overflow vulnerability in Silicon Labs 500 Series Z-Wave devices may allow Denial of Service, and potential Remote Code execution85.2 running on Silicon Labs 500 series Z-wave devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-27273 HIGH This Week

IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy