Skip to main content
CVE-2024-37014 CRITICAL POC PATCH Act Now

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Langflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36412 CRITICAL POC Act Now

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2024-32167 CRITICAL POC Act Now

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Arbitrary file deletion vulnerability as the backend settings have the function of deleting pictures to delete any files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Online Medicine Ordering System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-31611 CRITICAL POC Act Now

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Seacms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-4403 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms Webui
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-36528 HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Egovernment Nukeviet
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-27815 HIGH Act Now

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.

Apple RCE Memory Corruption Buffer Overflow Ipados +5
NVD VulDB
CVSS 3.1
7.8
EPSS
24.3%
CVE-2024-4328 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms Web Ui
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-37393 HIGH POC This Week

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Multi Factor Authentication Solutions
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2024-37880 HIGH POC PATCH This Week

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kyber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31612 MEDIUM POC This Month

Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php which can be used with a XSS vulnerability to access administrator information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Emlog
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-34762 CRITICAL Act Now

Vulnerability discovered by executing a planned security audit. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-35746 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Buddypress Cover
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35677 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes MegaMenu allows PHP Local File Inclusion.3.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Mega Menu
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35735 CRITICAL Act Now

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.2.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-22298 CRITICAL Act Now

Missing Authorization vulnerability in TMS Amelia ameliabooking.0.98. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Amelia
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-36531 MEDIUM POC This Month

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Egovernment Nukeviet
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-31613 MEDIUM POC This Month

BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bosscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-35307 CRITICAL Act Now

Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Pandora Fms
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-37169 MEDIUM POC PATCH This Month

@jmondi/url-to-png is a self-hosted URL to PNG utility. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-35304 CRITICAL Act Now

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-3700 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Simple Care
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-3699 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Gabinet
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-1228 CRITICAL Act Now

Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Przychodnia
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-27833 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Safari Ipados +3
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-35658 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal WordPress Checkout Field Editor For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-27851 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27820 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Buffer Overflow Safari Ipados +5
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-27808 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-36417 CRITICAL Act Now

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2024-37166 HIGH PATCH This Week

ghtml is software that uses tagged templates for template engine functionality. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.9
EPSS
0.4%
CVE-2024-35305 HIGH This Week

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. Rated high severity (CVSS 8.9). No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2024-27855 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Information Disclosure Ipados Iphone Os +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36418 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-36415 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-36411 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36410 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-36409 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3850 MEDIUM POC This Month

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nvr301 04S2 P4 Firmware
NVD GitHub
CVSS 4.0
4.8
EPSS
0.9%
CVE-2024-36408 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-35741 HIGH This Week

Missing Authorization vulnerability in Awesome Support Team Awesome Support.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Awesome Support
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35727 HIGH This Week

Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Extra Product Options For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35726 HIGH This Week

Missing Authorization vulnerability in ThemeKraft WooBuddy.4.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Buddypress Woocommerce My Account Integration Create Woocommerce Member Pages
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35725 HIGH This Week

Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.3.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Element Kit For Elementor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35724 HIGH This Week

Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.0.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Bosa Elementor Addons And Templates For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-35722 HIGH This Week

Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow - Image slider, Gallery slideshow.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Slider Responsive Slideshow
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35721 HIGH This Week

Missing Authorization vulnerability in A WP Life Image Gallery - Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Image Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35720 HIGH This Week

Missing Authorization vulnerability in A WP Life Album Gallery - WordPress Gallery.5.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Album Gallery
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-35717 HIGH This Week

Missing Authorization vulnerability in A WP Life Media Slider - Photo Sleder, Video Slider, Link Slider, Carousal Slideshow.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Media Slider
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23524 HIGH This Week

Missing Authorization vulnerability in ONTRAPORT Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pilotpress
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy