Skip to main content
CVE-2024-4687 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4686 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4685 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4684 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4683 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4682 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4678 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4677 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4676 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4675 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4674 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4673 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4672 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4067 MEDIUM POC PATCH This Month

The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Denial Of Service Micromatch
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2024-34440 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.2.63. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-34416 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-3954 HIGH This Week

The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-4681 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Legal Case Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Legal Case Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
1.0%
CVE-2024-3016 CRITICAL Act Now

NEC Platforms DT900 and DT900S Series 5.0.0.0 - v5.3.4.4, v5.4.0.0 - v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-34365 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Karaf Cave
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-32622 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Hdf5
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-2257 CRITICAL Act Now

This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to improper implementation of password policies. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-26517 CRITICAL Act Now

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the delete-task.php component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP XSS School Task Manager
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-31488 CRITICAL Act Now

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2024-34687 CRITICAL PATCH Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

XSS SAP Sap Basis
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-30209 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 9.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.0
EPSS
0.3%
CVE-2024-34708 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-3055 HIGH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3808 HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3809 HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3828 HIGH This Week

The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-31477 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-31476 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-4777 HIGH This Week

Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31491 HIGH This Week

A client-side enforcement of server-side security vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6 allows attacker to execute unauthorized code or commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortisandbox
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30040 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2024-30017 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-30010 HIGH This Week

Windows Hyper-V Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +2
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-30009 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-30007 HIGH This Week

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-30006 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-30206 HIGH This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-27941 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27940 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-4129 HIGH This Week

Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3582 MEDIUM POC This Month

The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Ungallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-34944 HIGH This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34707 MEDIUM POC PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nautobot
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2024-34310 HIGH This Week

Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-34308 HIGH This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr350 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
Prev Page 5 of 15 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy