Skip to main content
CVE-2024-30163 CRITICAL POC Act Now

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Invisioncommunity
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2024-36673 CRITICAL POC Act Now

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Medical Store Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4620 CRITICAL POC Act Now

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Arforms
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-3592 CRITICAL PATCH Act Now

The Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including,. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Quiz And Survey Master
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-37385 CRITICAL PATCH Act Now

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Microsoft Webmail
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-37388 CRITICAL PATCH Act Now

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Denial Of Service Ebookmeta
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy