Skip to main content
CVE-2024-37734 CRITICAL POC PATCH Act Now

An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges viaa crafted POST request using the noteid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-5181 CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the mudler/localai version 2.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Localai
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2024-4758 HIGH POC This Week

The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Muslim Prayer Time Bd
NVD WPScan
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-38526 HIGH POC PATCH This Week

pdoc provides API Documentation for Python Projects. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.2
EPSS
3.8%
CVE-2024-38950 MEDIUM POC This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5071 MEDIUM POC This Month

The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Bookster
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-33326 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-1839 CRITICAL Act Now

Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi 911 Emergency Gateway Firmware
NVD
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-5573 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-4228 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-39243 CRITICAL Act Now

An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Skycaiji
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37098 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.2.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blossomthemes Email Newsletter
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-5199 MEDIUM POC This Month

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spotify Play Button
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3633 MEDIUM POC This Month

The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Webp Svg Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37252 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.7.25. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-23767 HIGH This Week

An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5169 MEDIUM POC This Month

The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-4959 MEDIUM POC This Month

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Frontend Checklist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37140 HIGH This Week

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-29176 HIGH This Week

Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Memory Corruption Data Domain Operating System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-4957 MEDIUM POC This Month

The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Frontend Checklist
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-28982 HIGH This Week

Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pentaho Business Analytics Server
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-5460 HIGH This Week

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-5473 MEDIUM POC This Month

The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Photoswipe
NVD WPScan
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-4869 HIGH This Week

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Cookie Consent
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2024-36829 HIGH This Week

Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-23766 HIGH This Week

An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-33329 HIGH This Week

A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-34581 HIGH This Week

The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-6354 HIGH This Week

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-38272 HIGH PATCH This Week

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Rated high severity (CVSS 7.1).

Authentication Bypass Microsoft Nearby
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2024-6355 MEDIUM This Month

A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-37138 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Data Domain Operating System
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-37248 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Anima allows Stored XSS.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-37247 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.3.25. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38949 MEDIUM This Month

Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-37139 MEDIUM This Month

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Data Domain Operating System
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5173 MEDIUM This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ht Mega
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5332 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5215 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ht Mega
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-4604 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.0 before 1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28984 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28983 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pentaho Business Analytics Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39242 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Skycaiji
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-39241 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Skycaiji
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-33328 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-33327 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-35545 MEDIUM PATCH This Month

MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Map Os
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38271 MEDIUM PATCH This Month

There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. Rated medium severity (CVSS 5.9).

Denial Of Service Nearby
NVD GitHub
CVSS 4.0
5.9
EPSS
0.2%
CVE-2024-29175 MEDIUM This Month

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Data Domain Operating System
NVD
CVSS 3.1
5.9
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy