Skip to main content
CVE-2024-3922 CRITICAL POC THREAT Emergency

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.5%.

SQLi WordPress Dokan
NVD
CVSS 3.1
10.0
EPSS
89.5%
Threat
6.2
CVE-2024-34102 CRITICAL POC KEV PATCH THREAT Act Now

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Adobe XXE Commerce Commerce Webhooks +1
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-31777 CRITICAL POC Act Now

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Openeclass
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2024-37635 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37634 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37632 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37849 CRITICAL POC Act Now

A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Billing System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3552 CRITICAL POC THREAT Act Now

The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Web Directory Free
NVD WPScan
CVSS 3.1
9.8
EPSS
67.3%
CVE-2024-37633 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37631 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37630 HIGH POC This Week

D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4145 HIGH POC This Week

The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Search Replace
NVD WPScan
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-5976 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5947 MEDIUM POC This Month

Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dse855 Firmware
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2024-3032 MEDIUM POC This Month

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Builder
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-4371 CRITICAL Act Now

The CoDesigner WooCommerce Builder for Elementor - Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Codesigner
NVD
CVSS 3.1
9.0
EPSS
5.4%
CVE-2024-32913 CRITICAL Act Now

In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-32911 CRITICAL Act Now

There is a possible escalation of privilege due to improperly used crypto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-32905 CRITICAL Act Now

In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-29786 CRITICAL Act Now

In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-22441 CRITICAL Act Now

HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cray Parallel Application Launch Service
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37131 CRITICAL Act Now

SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cors Misconfiguration Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30300 CRITICAL Act Now

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Information Exposure vulnerability (CWE-200) that could lead to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Framemaker Publishing Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-30299 CRITICAL Act Now

Adobe Framemaker Publishing Server versions 2020.3, 2022.2 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Framemaker Publishing Server
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-34107 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce Webhooks Magento
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-26029 CRITICAL Act Now

Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38295 CRITICAL Act Now

ALCASAR before 3.6.1 allows still_connected.php remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Alcasar
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-38294 CRITICAL Act Now

ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Alcasar
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-38293 CRITICAL Act Now

ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP CSRF Alcasar
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-33253 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Openeclass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37308 MEDIUM POC PATCH This Month

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Cooked
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36647 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-2762 MEDIUM POC This Month

The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Foogallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-37309 MEDIUM POC PATCH This Month

CrateDB is a distributed SQL database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

OpenSSL Denial Of Service Cratedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-32925 HIGH This Week

In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5950 HIGH This Week

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dse855 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-5948 HIGH This Week

Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dse855 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-5924 HIGH This Week

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dropbox Desktop
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-36586 HIGH This Week

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-29168 HIGH This Week

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Dell Secure Connect Gateway
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-36396 HIGH This Week

Verint - CWE-434: Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Workforce Optimization
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34111 HIGH PATCH This Week

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Commerce Webhooks Magento
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-4149 MEDIUM POC This Month

The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Floating Chat Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-38284 HIGH This Week

Transmitted data is logged between the device and the backend service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-38281 HIGH This Week

An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vigilant Fixed Lpr Coms Box Firmware
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-38282 HIGH This Week

Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-37029 HIGH This Week

Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Tellus Lite V Simulator
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-37022 HIGH This Week

Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Tellus Lite V Simulator
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-37164 HIGH PATCH This Week

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-32860 HIGH This Week

Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Alienware Area 51M R2 Firmware Alienware Aurora R11 Firmware Alienware Aurora R12 Firmware +19
NVD
CVSS 3.1
8.2
EPSS
0.2%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy