Skip to main content
CVE-2024-4434 CRITICAL POC THREAT Emergency

SQL injection in the LearnPress LMS plugin for WordPress (versions up to and including 4.2.6.5) allows remote unauthenticated attackers to append arbitrary SQL to a backend query via the term_id parameter, enabling extraction of sensitive database contents such as user credentials and session data. Publicly available exploit code exists and the EPSS score of 77.09% (99th percentile) indicates a very high probability of opportunistic exploitation against exposed WordPress sites running this plugin.

SQLi WordPress Learnpress
NVD
CVSS 3.1
9.8
EPSS
77.1%
Threat
5.8
CVE-2024-3806 CRITICAL Emergency

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.5% and no vendor patch available.

WordPress PHP RCE LFI Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
56.5%
CVE-2024-29895 CRITICAL POC THREAT Act Now

Cacti provides an operational monitoring and fault management framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Docker
NVD GitHub
CVSS 3.1
10.0
EPSS
94.3%
CVE-2024-4764 CRITICAL POC Act Now

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33485 CRITICAL POC Act Now

SQL Injection vulnerability in CASAP Automated Enrollment System using PHP/MySQLi with Source Code V1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34256 CRITICAL POC Act Now

OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ofcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32353 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-34945 CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Fh1206 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34943 CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34213 CRITICAL POC Act Now

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34209 CRITICAL POC Act Now

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-34204 CRITICAL POC Act Now

TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp450 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32735 CRITICAL POC Act Now

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerpanel
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2024-31810 CRITICAL POC Act Now

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32977 CRITICAL POC PATCH Act Now

OctoPrint provides a web interface for controlling consumer 3D printers. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Octoprint
NVD GitHub
CVSS 3.1
9.4
EPSS
0.9%
CVE-2024-34226 CRITICAL POC Act Now

SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Visitor Management System
NVD GitHub
CVSS 3.1
9.4
EPSS
0.8%
CVE-2024-35049 CRITICAL POC Act Now

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-32964 CRITICAL POC PATCH THREAT Act Now

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Lobe Chat
NVD GitHub
CVSS 3.1
9.0
EPSS
52.7%
CVE-2024-4560 CRITICAL Act Now

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.3% and no vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
9.8
EPSS
13.3%
CVE-2024-34555 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.11.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
7.9%
CVE-2024-4413 CRITICAL Act Now

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-31377 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2024-3070 CRITICAL Act Now

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-34411 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light.5.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-32741 CRITICAL Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-30207 CRITICAL Act Now

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
10.0
EPSS
0.8%
CVE-2024-32700 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.0.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
CVSS 3.1
10.0
EPSS
2.6%
CVE-2024-4701 CRITICAL PATCH Act Now

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.9
EPSS
24.6%
CVE-2024-29212 CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD
CVSS 3.0
9.9
EPSS
1.6%
CVE-2024-31473 CRITICAL Act Now

There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-31472 CRITICAL Act Now

There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31471 CRITICAL Act Now

There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-31470 CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that could lead to unauthenticated remote code execution by sending specially crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-31469 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31468 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31467 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31466 CRITICAL Act Now

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba RCE Arubaos +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-4778 CRITICAL Act Now

Memory safety bugs present in Firefox 125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33868 CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Microsoft Linqi
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-33863 CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Microsoft Linqi
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32740 CRITICAL Act Now

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Cn 4100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-27939 CRITICAL Act Now

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Ruggedcom Crossbow
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4825 CRITICAL PATCH Act Now

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cockpit
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-4824 CRITICAL Act Now

Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi School Erp Pro Responsive
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3263 CRITICAL Act Now

YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-35099 CRITICAL Act Now

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-34706 CRITICAL PATCH Act Now

Valtimo is an open source business process and case management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-33874 CRITICAL Act Now

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32991 CRITICAL Act Now

Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-32621 CRITICAL Act Now

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Hdf5
NVD
CVSS 3.1
9.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy