Skip to main content
CVE-2024-34950 HIGH POC This Week

D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure D-Link Dir 822 Firmware
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2024-4068 HIGH POC PATCH This Week

The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Braces
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-34352 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection 1panel
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-34351 HIGH POC PATCH This Week

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
5.5%
CVE-2024-34220 HIGH POC This Week

Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-32739 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32738 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-32737 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-32736 HIGH POC This Week

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerpanel
NVD
CVSS 3.1
7.5
EPSS
5.4%
CVE-2024-31441 HIGH POC This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-30259 HIGH POC This Week

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-30258 HIGH POC PATCH This Week

FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-34224 HIGH POC This Week

Cross Site Scripting vulnerability in /php-lms/classes/Users.php?f=save in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-34215 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34212 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34210 HIGH POC This Week

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34205 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34201 HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2024-34077 HIGH POC PATCH This Week

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Mantisbt
NVD GitHub
CVSS 3.1
7.3
EPSS
1.2%
CVE-2024-34338 HIGH POC This Week

Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection O3 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2024-3903 HIGH POC This Week

The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Add Custom Css And Js
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-34231 HIGH POC This Week

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Management System
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2024-4818 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Online Laundry Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.0%
CVE-2024-4397 HIGH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Learnpress
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2024-4413 CRITICAL Act Now

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-34946 MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-34245 MEDIUM POC This Month

An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dedecms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-34206 MEDIUM POC This Month

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-34202 MEDIUM POC This Month

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-33774 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanSetup_Wizard allows remote authenticated users to trigger a denial of service (DoS) through the parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33773 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formWlanGuestSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33771 MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via goform/formWPS, allows remote authenticated users to trigger a denial of service (DoS) through the parameter "webpage.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 619l Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-33454 MEDIUM POC This Month

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-4107 MEDIUM POC This Month

The Elementor Website Builder - More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Website Builder Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-31377 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2024-3070 CRITICAL Act Now

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-35012 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-34698 MEDIUM POC PATCH This Month

FreeScout is a free, self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Prototype Pollution XSS Freescout
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-4768 MEDIUM POC This Month

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mozilla Firefox Thunderbird Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-4860 MEDIUM POC This Month

The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the 'notice_id' GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Rss Aggregator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3590 MEDIUM POC This Month

The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Letterpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-34697 MEDIUM POC PATCH This Month

FreeScout is a free, self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Freescout
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-34230 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-34225 MEDIUM POC This Month

Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP XSS RCE Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2299 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass XSS CSRF Lollms Web Ui
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-24157 MEDIUM POC This Month

Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3807 HIGH This Week

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2024-34411 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.5.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-32741 CRITICAL Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-32354 MEDIUM POC This Month

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
6.0
EPSS
1.0%
Prev Page 2 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy