Skip to main content
CVE-2024-38902 CRITICAL POC Act Now

H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Magic R230 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37759 CRITICAL POC Act Now

DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java Datagear
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-29868 CRITICAL POC PATCH Act Now

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Streampipes
NVD
CVSS 3.1
9.1
EPSS
6.0%
CVE-2024-24551 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.8%
CVE-2024-24550 HIGH POC This Week

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE PHP Command Injection Bludit
NVD
CVSS 4.0
8.9
EPSS
0.7%
CVE-2024-6293 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6292 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6290 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37677 HIGH POC This Week

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Access Management Specialist
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-36683 HIGH POC This Week

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-38892 MEDIUM POC This Month

An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-4499 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-37228 CRITICAL Act Now

Unrestricted file upload in the InstaWP Connect WordPress plugin (versions up to and including 0.1.0.38) allows remote unauthenticated attackers to upload dangerous file types, leading to full site compromise with scope change. The maximum CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction, though EPSS of 0.85% (75th percentile) and absence from CISA KEV indicate no public exploit identified at time of analysis.

File Upload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-34312 MEDIUM POC This Month

Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Virtual Programming Lab
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-37732 MEDIUM POC THREAT This Month

Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Anchor Cms
NVD
CVSS 3.1
6.1
EPSS
16.0%
CVE-2024-37680 MEDIUM POC This Month

Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Finesoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-37679 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Finesoft
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-4900 MEDIUM POC This Month

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Seopress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-5683 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.6.4.4 before 6.6.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-36681 CRITICAL Act Now

SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34988 CRITICAL Act Now

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33898 CRITICAL Act Now

Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-34313 CRITICAL Act Now

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-33879 CRITICAL Act Now

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Sharepoint Bulk File Download
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33278 CRITICAL Act Now

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-37089 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Consulting Elementor Widgets
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38897 MEDIUM POC This Month

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38896 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-38895 MEDIUM POC This Month

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38894 MEDIUM POC This Month

WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wn551K1 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-37678 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Command Injection Finesoft
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-6160 CRITICAL Act Now

SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages.12.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-6280 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Simple Online Bidding System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-6279 MEDIUM POC This Month

A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-37231 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Salon Booking System
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-36497 CRITICAL Act Now

The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-6278 MEDIUM POC This Month

A vulnerability has been found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6277 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6276 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in lahirudanushka School Management System 1.0.0/1.0.1.php of the component Teacher Page. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6275 MEDIUM POC This Month

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-6274 MEDIUM POC This Month

A vulnerability classified as critical has been found in lahirudanushka School Management System 1.0.0/1.0.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-4899 MEDIUM POC This Month

The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress XSS Seopress
NVD WPScan
CVSS 3.1
5.0
EPSS
0.3%
CVE-2024-34992 HIGH This Week

SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37109 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.26.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Wishlist Member
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37107 HIGH This Week

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.26.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Wishlist Member X
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-37092 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Consulting Elementor Widgets
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-37091 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Consulting Elementor Widgets
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-38384 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-38903 MEDIUM POC This Month

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Magic R230 Firmware
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2024-38373 HIGH This Week

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freertos Plus Tcp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy