Skip to main content
CVE-2024-5084 CRITICAL POC PATCH THREAT Act Now

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.2%.

RCE WordPress File Upload Hash Form
NVD
CVSS 3.1
9.8
EPSS
93.2%
Threat
6.3
CVE-2024-35570 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-35086 CRITICAL POC Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in BpmTaskFromMapper.xml . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34935 CRITICAL POC Act Now

A SQL injection vulnerability in /view/conversation_history_admin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34934 CRITICAL POC Act Now

A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34932 CRITICAL POC Act Now

A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34931 CRITICAL POC Act Now

A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34929 CRITICAL POC Act Now

A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the my_index parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34927 CRITICAL POC Act Now

A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4399 CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
CVSS 3.1
9.1
EPSS
1.8%
CVE-2024-3594 HIGH POC This Week

The IDonate WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Idonate
NVD WPScan
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-4978 HIGH POC KEV THREAT This Week

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Javs Viewer
NVD
CVSS 4.0
8.7
EPSS
26.9%
CVE-2024-34936 HIGH POC This Week

A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the month parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-4835 HIGH POC This Week

A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-34928 HIGH POC This Week

A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-5230 MEDIUM POC THREAT This Month

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
18.8%
CVE-2024-2874 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-4662 HIGH This Week

The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection WordPress
NVD
CVSS 3.1
8.8
EPSS
7.9%
CVE-2024-34933 MEDIUM POC This Month

A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the admission_fee. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-3917 MEDIUM POC This Month

The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pet Manager
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35222 MEDIUM POC PATCH This Month

Tauri is a framework for building binaries for all major desktop platforms. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-5296 CRITICAL Act Now

D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link D View 8
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2024-35375 CRITICAL Act Now

There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35080 CRITICAL Act Now

An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-35079 CRITICAL Act Now

An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Inxedu
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-35091 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysTenantMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35084 CRITICAL Act Now

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi J2Eefast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-5168 CRITICAL Act Now

Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5165 MEDIUM POC PATCH This Month

In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ditto
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-34930 MEDIUM POC This Month

A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the month parameter. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5240 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5239 MEDIUM POC This Month

A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5238 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5237 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5236 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5235 MEDIUM POC This Month

A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5234 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5233 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5232 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5231 MEDIUM POC This Month

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complete Web Based School Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-5085 HIGH PATCH This Week

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Information Disclosure Hash Form
NVD
CVSS 3.1
8.1
EPSS
4.4%
CVE-2024-4779 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5299 HIGH This Week

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2024-5298 HIGH This Week

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2024-5297 HIGH This Week

D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection RCE D View 8
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2024-5295 HIGH This Week

D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE G416 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-5293 HIGH This Week

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link RCE Dir 2640 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2024-5291 HIGH This Week

D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE Dir 2150 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2024-5247 HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
26.9%
CVE-2024-5246 HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache Netgear Prosafe Network Management Software 300
NVD
CVSS 3.1
8.8
EPSS
31.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy