Skip to main content
CVE-2024-5326 HIGH Act Now

The Post Grid Gutenberg Blocks and WordPress Blog Plugin - PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 52.9% and no vendor patch available.

WordPress Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
52.9%
CVE-2024-35469 CRITICAL POC Act Now

A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Human Resource Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-35359 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35353 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-35350 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35349 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35355 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-35354 CRITICAL POC Act Now

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3300 CRITICAL POC Act Now

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2024-5499 HIGH POC This Week

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google RCE Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-5498 HIGH POC This Week

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5497 HIGH POC This Week

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5495 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5494 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5493 HIGH POC This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-35433 HIGH POC This Week

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-35430 HIGH POC This Week

In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-35431 HIGH POC This Week

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-3584 HIGH POC PATCH This Week

{name}/snapshots/upload` endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Qdrant
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-35428 HIGH POC This Week

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2024-5519 MEDIUM POC This Month

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-5517 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-35189 MEDIUM POC PATCH This Month

Fides is an open-source privacy engineering platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Fides
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-35429 MEDIUM POC This Month

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-35358 MEDIUM POC This Month

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-35356 MEDIUM POC This Month

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-35352 MEDIUM POC This Month

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dino Physics School Assistant
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-35432 MEDIUM POC This Month

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-1100 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.23.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-36031 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5514 CRITICAL Act Now

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-35345 MEDIUM POC This Month

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dino Physics School Assistant
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-35504 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Finesoft
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2422 CRITICAL Act Now

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lenels2 Netbox
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-2421 CRITICAL Act Now

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Lenels2 Netbox
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-5518 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Discussion Forum
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-35357 MEDIUM POC This Month

A vulnerability has been discovered in Diño Physics School Assistant version 2.3. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dino Physics School Assistant
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-5516 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-5515 MEDIUM POC This Month

A vulnerability was found in SourceCodester Stock Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Stock Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-36896 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-2420 HIGH This Week

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lenels2 Netbox
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-5271 HIGH This Week

Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Memory Corruption Monitouch V Sft
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-34171 HIGH This Week

Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Monitouch V Sft
NVD
CVSS 4.0
8.5
EPSS
0.6%
CVE-2024-3301 HIGH This Week

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-36913 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-36912 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-36267 HIGH This Week

Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-36904 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free VMware Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-36940 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-36898 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy