Skip to main content
CVE-2024-4889 HIGH POC This Week

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Google Litellm
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-5248 MEDIUM POC This Month

In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5131 MEDIUM POC PATCH This Month

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5126 MEDIUM POC PATCH This Month

An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-3404 MEDIUM POC This Month

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3153 MEDIUM POC PATCH This Month

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-2035 MEDIUM POC PATCH This Month

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Zenml
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-3504 MEDIUM POC PATCH This Month

An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5658 MEDIUM POC PATCH This Month

The CraftCMS plugin Two-Factor Authentication through 3.3.3 allows reuse of TOTP tokens multiple times within the validity period. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Two Factor Authentication
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-36399 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Kanboard
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-5153 CRITICAL PATCH Act Now

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Startklar Elmentor Addons
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2024-5478 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lunary
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5278 MEDIUM POC This Month

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Python File Upload Chuanhuchatgpt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-2383 MEDIUM POC PATCH This Month

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Zenml
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22074 CRITICAL Act Now

Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dynamsoft Service
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-1881 CRITICAL PATCH Act Now

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Autogpt Classic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-36736 CRITICAL Act Now

An issue in the oneflow.permute component of OneFlow-Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oneflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5675 CRITICAL Act Now

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Mentor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36394 CRITICAL Act Now

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sysaid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36393 CRITICAL Act Now

SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sysaid
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-4177 CRITICAL Act Now

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Gravityzone
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-22525 MEDIUM POC This Month

dnspod-sr 0dfbd37 contains a SEGV. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Dnspod Security Recursive
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-22524 MEDIUM POC This Month

dnspod-sr 0dfbd37 is vulnerable to buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Buffer Overflow Denial Of Service Dnspod Security Recursive
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-36775 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3402 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chuanhuchatgpt
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-3099 MEDIUM POC PATCH This Month

A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mlflow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5127 MEDIUM POC PATCH This Month

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5550 MEDIUM POC This Month

In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal H2O
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-3102 MEDIUM POC PATCH This Month

A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Anythingllm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-24192 CRITICAL Act Now

robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Robdns
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-1873 CRITICAL Act Now

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Lollms Web Ui
NVD GitHub
CVSS 3.1
9.1
EPSS
13.4%
CVE-2024-5329 HIGH PATCH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Unlimited Elements For Elementor Elementor
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-4890 MEDIUM POC MAL This Month

A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Litellm
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-5179 HIGH PATCH This Week

The Cowidgets - Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +2
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-32752 HIGH This Week

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.6%
CVE-2024-2171 MEDIUM POC PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zenml
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5505 HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
47.0%
CVE-2024-5269 HIGH This Week

Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Era 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-5267 HIGH This Week

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Era 100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-30368 HIGH This Week

A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Advanced Core Operating System
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-5684 HIGH This Week

An attacker with access to the private network (the charger is connected to) or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Id Charger Connect Firmware Id Charger Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-2965 MEDIUM POC PATCH This Month

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Python Denial Of Service Langchain
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-0912 HIGH This Week

Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Software House C Cure 9000 Siteserver
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2023-6966 HIGH PATCH This Week

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass PHP WordPress The Moneytizer
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-6968 HIGH This Week

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass CSRF The Moneytizer
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-36795 MEDIUM POC This Month

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Netgear Wnr614 Firmware
NVD
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-5306 HIGH This Week

Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5305 HIGH This Week

Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-5304 HIGH This Week

Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-30373 HIGH This Week

Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy