Skip to main content
CVE-2024-4535 HIGH POC This Week

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Kkprogressbar2
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35219 HIGH POC PATCH This Week

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.3
EPSS
3.6%
CVE-2024-36428 HIGH POC This Week

OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Orangehrm
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2024-35182 HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-35181 HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-34477 HIGH POC This Week

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Fogproject
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-4531 HIGH POC This Week

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-5384 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Facebook News Feed Like 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Facebook News Feed Like
NVD VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-4533 MEDIUM POC This Month

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Kkprogressbar2
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-4532 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-4530 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-4534 MEDIUM POC This Month

The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Kkprogressbar2
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-0851 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.05.27. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
10.0
EPSS
0.1%
CVE-2024-5407 CRITICAL Act Now

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE Rhinos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-26289 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3939 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5397 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5396 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5395 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5394 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5393 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5392 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5391 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5390 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Student Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-4529 MEDIUM POC This Month

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress CSRF Business Card
NVD WPScan
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-35236 MEDIUM POC PATCH This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Microsoft Audiobookshelf
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-5035 HIGH This Week

The affected device expose a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
8.8
EPSS
3.2%
CVE-2024-5400 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific CGI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-35231 HIGH PATCH This Week

rack-contrib provides contributed rack middleware and utilities for Rack, a Ruby web server interface. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-29415 HIGH This Week

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Node.js
NVD GitHub
CVSS 3.1
8.1
EPSS
8.3%
CVE-2024-36426 HIGH This Week

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-35237 HIGH This Week

MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Node.js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-3933 HIGH PATCH This Week

In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

IBM Buffer Overflow Information Disclosure Openj9
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-5403 HIGH This Week

ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5399 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-32978 MEDIUM PATCH This Month

Kaminari is a paginator for web app frameworks and object relational mappings. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-27310 MEDIUM This Month

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Information Disclosure Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2024-5406 MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via index page in from, subject, text and hash parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5405 MEDIUM This Month

A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via /tools/redis.php page in the k, hash, key and p parameters. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis PHP XSS
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-34923 MEDIUM This Month

In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5409 MEDIUM This Month

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5408 MEDIUM This Month

Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rhinos
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35291 MEDIUM This Month

Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Splunk
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36384 MEDIUM This Month

Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36037 MEDIUM This Month

Zoho ManageEngine ADAudit Plus versions 7260 and below allows unauthorized local agent machine users to view the session recordings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-36105 MEDIUM PATCH This Month

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-35238 MEDIUM PATCH This Month

Minder by Stacklok is an open source software supply chain security platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35229 MEDIUM This Month

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-36383 MEDIUM This Month

An issue was discovered in Logpoint SAML Authentication before 6.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml Authentication
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-5385 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Car Wash Booking System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy