Skip to main content
CVE-2024-33375 CRITICAL POC Act Now

LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bl W1210M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37637 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-3080 CRITICAL POC THREAT Act Now

Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
43.5%
CVE-2024-37642 CRITICAL POC THREAT Act Now

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-36597 HIGH POC This Week

Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Life Insurance Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-24320 HIGH POC This Week

Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-37645 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37643 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37641 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37644 HIGH POC This Week

TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tew 814Dap Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37640 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37639 HIGH POC This Week

TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3700r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-2024 HIGH Act Now

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

RCE WordPress Path Traversal
NVD
CVSS 3.1
8.8
EPSS
17.1%
CVE-2024-33377 HIGH POC This Week

LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bl W1210M Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-4936 CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress RCE Canto
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2024-5984 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-5983 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-37889 MEDIUM POC PATCH This Month

MyFinances is a web application for managing finances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Myfinances
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-1295 MEDIUM POC This Month

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure The Events Calendar
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-37312 MEDIUM POC PATCH This Month

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-5577 CRITICAL Act Now

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-36599 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Life Insurance Management System
NVD Exploit-DB GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-36656 MEDIUM POC This Month

In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Minthcm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5155 MEDIUM POC This Month

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Inquiry Cart
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-4480 MEDIUM POC This Month

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Prayer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-3966 MEDIUM POC This Month

The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pray For Me
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37831 CRITICAL Act Now

Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33374 CRITICAL Act Now

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5671 CRITICAL Act Now

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3912 CRITICAL Act Now

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27174 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-27173 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Python
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-27172 CRITICAL Act Now

Remote Command program allows an attacker to get Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
9.8
EPSS
26.8%
CVE-2024-27145 CRITICAL Act Now

The Toshiba printers provide several ways to upload files using the admin web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-27144 CRITICAL Act Now

The Toshiba printers provide several ways to upload files using the web interface without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-27143 CRITICAL Act Now

Toshiba printers use SNMP for configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-2472 CRITICAL Act Now

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Latepoint
NVD
CVSS 3.1
9.1
EPSS
1.8%
CVE-2024-34539 CRITICAL Act Now

Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2024-4270 MEDIUM POC This Month

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Svgmagic
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-3978 MEDIUM POC This Month

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Jitsi Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3965 MEDIUM POC This Month

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Pray For Me
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-5985 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best Online News Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best Online News Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5981 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online House Rental System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online House Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-5995 HIGH This Week

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-4005 MEDIUM POC This Month

The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Pixel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3992 MEDIUM POC This Month

The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Amen
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3977 MEDIUM POC This Month

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Jitsi Shortcode
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-3497 HIGH This Week

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3496 HIGH This Week

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3754 MEDIUM POC This Month

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Alemha Watermark
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy