Skip to main content
CVE-2023-37058 CRITICAL POC Act Now

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Jlink Ax1800 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34833 CRITICAL POC Act Now

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Payroll Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-6047 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Dsp Lpr Firmware Gv Bx130 Firmware Gv Bx1500 Firmware Gv Cb220 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
10.1%
CVE-2024-37840 HIGH POC This Week

SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Learning Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37848 HIGH POC This Week

SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Online Book Store Project
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-37621 HIGH POC This Week

StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Strongshop
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-6065 MEDIUM POC This Month

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bakery Online Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6043 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.9%
CVE-2024-6042 MEDIUM POC This Month

A vulnerability was found in itsourcecode Real Estate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-4305 MEDIUM POC This Month

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Postx
NVD WPScan
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-37891 MEDIUM POC PATCH This Month

urllib3 is a user-friendly HTTP client library for Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Urllib3 Debian Linux Active Iq Unified Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-36527 MEDIUM POC This Month

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-6056 MEDIUM POC This Month

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Laravel Starter
NVD VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-37662 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-37661 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-38469 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-38470 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37625 MEDIUM POC This Month

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibarn
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37624 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37623 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37622 MEDIUM POC This Month

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xinhu
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-37619 MEDIUM POC This Month

StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Strongshop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37902 CRITICAL PATCH Act Now

DeepJavaLibrary(DJL) is an Engine-Agnostic Deep Learning Framework in Java. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-37057 CRITICAL Act Now

An issue in JLINK Unionman Technology Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-36543 CRITICAL Act Now

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37798 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Parlour Management System
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-36575 CRITICAL Act Now

A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36573 CRITICAL PATCH Act Now

almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-36582 CRITICAL Act Now

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-36580 CRITICAL Act Now

A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6057 CRITICAL Act Now

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6048 CRITICAL Act Now

Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5163 CRITICAL Act Now

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37895 MEDIUM POC PATCH This Month

Lobe Chat is an open-source LLMs/AI chat framework. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lobe Chat
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-3236 MEDIUM POC This Month

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6067 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Music Class Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Class Enrollment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6066 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6058 MEDIUM POC This Month

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-37664 MEDIUM POC This Month

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redmi Ax6S Firmware
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2024-6059 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Estate Management
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-6064 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6063 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6062 MEDIUM POC PATCH This Month

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6061 MEDIUM POC PATCH This Month

A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Gpac
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-37896 HIGH PATCH This Week

Gin-vue-admin is a backstage management system based on vue and gin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6045 HIGH This Week

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2024-6080 HIGH This Week

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Incontrol
NVD VulDB
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-5650 HIGH This Week

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-36577 HIGH PATCH This Week

apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-37305 HIGH This Week

oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow OpenSSL
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy