Skip to main content
CVE-2024-3605 CRITICAL POC THREAT Emergency

The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.

SQLi WordPress Wp Hotel Booking
NVD
CVSS 3.1
10.0
EPSS
80.4%
Threat
5.9
CVE-2024-37626 HIGH POC This Week

A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE A6000R Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-5182 CRITICAL POC PATCH THREAT Act Now

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Localai
NVD GitHub
CVSS 3.1
9.1
EPSS
25.5%
CVE-2024-6189 HIGH POC This Week

A vulnerability was found in Tenda A301 15.13.08.12. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-37818 HIGH POC This Week

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Strapi
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-28397 MEDIUM POC This Month

An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
4.5%
CVE-2024-37899 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Atlassian Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-29390 HIGH POC This Week

Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Daily Expenses Management System
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-6196 MEDIUM POC This Month

A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Banking Management System Project In Php
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6193 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Management System Project In Php And Mysql With Source Code
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-6192 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6191 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6190 MEDIUM POC This Month

A vulnerability was found in itsourcecode Farm Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farm Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-6188 MEDIUM POC This Month

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
6.9
EPSS
2.1%
CVE-2024-6113 MEDIUM POC This Month

A vulnerability was found in itsourcecode Monbela Tourist Inn Online Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Monbela Tourist Inn Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-3558 MEDIUM POC This Month

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Custom Field Suite
NVD GitHub
CVSS 3.1
6.4
EPSS
0.9%
CVE-2024-5522 MEDIUM POC This Month

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Html5 Video Player
NVD WPScan
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-4565 MEDIUM POC This Month

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Advanced Custom Fields
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5213 MEDIUM POC PATCH This Month

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31586 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Computer Laboratory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-5432 CRITICAL Act Now

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Lifeline Donation
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-4098 CRITICAL PATCH Act Now

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +1
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37699 CRITICAL Act Now

An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37674 MEDIUM POC This Month

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Moodle
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-5475 MEDIUM POC This Month

The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Video Embed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-38361 MEDIUM POC PATCH This Month

Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-6195 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6194 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System In Php With Source Code
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6187 MEDIUM POC This Month

A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.6%
CVE-2024-6186 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.7%
CVE-2024-6185 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.1%
CVE-2024-6184 MEDIUM POC This Month

A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Rg Uac Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
9.7%
CVE-2024-6182 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labvantage Lims
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6181 MEDIUM POC This Month

A vulnerability was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Labvantage Lims
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-3562 HIGH This Week

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP WordPress Code Injection Custom Field Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-3561 HIGH This Week

The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Custom Field Suite
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-5605 HIGH This Week

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Media Library Assistant
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37532 HIGH This Week

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Jwt Attack Information Disclosure Websphere Application Server
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-6102 HIGH This Week

Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6100 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-35246 HIGH This Week

An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Lynx Firmware
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-32943 HIGH This Week

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L210 F2G Firmware
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-37676 HIGH This Week

An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-6153 HIGH This Week

Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Parallels Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6147 HIGH This Week

Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Poly Plantronics Hub
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-6162 HIGH PATCH This Week

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-29012 HIGH This Week

Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28147 HIGH This Week

An authenticated user can upload arbitrary files in the upload function for collection preview images. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Denial Of Service File Upload
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2024-5746 HIGH This Week

A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-3597 HIGH This Week

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Open Redirect Export Wp Page To Static Html Css
NVD
CVSS 3.1
7.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy