Skip to main content
CVE-2024-4351 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 31.0% and no vendor patch available.

Authentication Bypass SQLi WordPress Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
31.0%
CVE-2024-22476 CRITICAL POC THREAT Act Now

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Intel
NVD GitHub
CVSS 3.1
10.0
EPSS
33.4%
CVE-2024-4326 CRITICAL POC PATCH Act Now

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Lollms Web Ui
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2024-2358 CRITICAL POC Act Now

A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Lollms Web Ui
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2024-2361 CRITICAL POC Act Now

A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Lollms Web Ui
NVD
CVSS 3.0
9.6
EPSS
0.6%
CVE-2024-4352 HIGH Act Now

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 23.3% and no vendor patch available.

SQLi WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
8.8
EPSS
23.3%
CVE-2024-2366 CRITICAL POC Act Now

A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Command Injection Lollms Web Ui
NVD
CVSS 3.0
9.0
EPSS
0.7%
CVE-2024-4181 HIGH POC PATCH This Week

A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Command Injection RCE Llamaindex
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2024-3643 HIGH POC This Week

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Newsletter Popup
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3435 HIGH POC PATCH This Week

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Lollms Web Ui
NVD GitHub
CVSS 3.0
8.4
EPSS
0.8%
CVE-2024-3126 HIGH POC PATCH This Week

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection Lollms Web Ui
NVD GitHub
CVSS 3.0
8.4
EPSS
1.3%
CVE-2024-4956 HIGH POC THREAT This Week

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
18.2%
CVE-2024-34905 HIGH POC This Week

FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Flyfish
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-4322 HIGH POC THREAT This Week

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
31.0%
CVE-2024-4321 HIGH POC This Week

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Chuanhuchatgpt
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-3848 HIGH POC PATCH THREAT This Week

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
43.3%
CVE-2024-3403 HIGH POC This Week

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Path Traversal File Upload Privategpt
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2024-4966 MEDIUM POC This Month

A vulnerability was found in SourceCodester SchoolWebTech 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolwebtech
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-3642 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Newsletter Popup
NVD WPScan
CVSS 3.1
6.9
EPSS
0.3%
CVE-2024-4929 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-4927 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-4920 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-34958 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4223 CRITICAL PATCH Act Now

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Tutor Lms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-3641 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Popup
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4992 CRITICAL Act Now

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Siadmin
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4991 CRITICAL Act Now

Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Siadmin
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4078 CRITICAL PATCH Act Now

A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.0
9.8
EPSS
0.9%
CVE-2024-34957 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-4999 CRITICAL Act Now

A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges.95-2; PRO:. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
12.2%
CVE-2024-4263 MEDIUM POC PATCH This Month

A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Mlflow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3851 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privategpt
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5023 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection.4.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.9%
CVE-2024-4826 CRITICAL Act Now

SQL injection vulnerability in Simple PHP Shopping Cart affecting version 0.9. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-4975 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4974 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4973 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4972 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Chat System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4968 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Interactive Map With Marker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4967 MEDIUM POC This Month

A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Interactive Map With Marker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4946 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Art Gallery Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-4945 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Best Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-4933 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4932 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4931 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0.php?page=view_udet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4930 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4928 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4926 MEDIUM POC This Month

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Intramurals Student Attendance Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4925 MEDIUM POC This Month

A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Intramurals Student Attendance Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-4923 MEDIUM POC This Month

A vulnerability has been found in Codezips E-Commerce Site 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy