Skip to main content
CVE-2024-6127 CRITICAL POC THREAT Emergency

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
10.3%
CVE-2024-5980 CRITICAL POC PATCH MAL Act Now

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pytorch Lightning
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-5822 CRITICAL POC Act Now

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Chuanhuchatgpt
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5820 HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-39158 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39154 HIGH POC This Week

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5885 HIGH POC This Week

stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Quivr
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-39134 HIGH POC This Week

A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Zziplib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6250 HIGH POC This Week

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2024-6090 HIGH POC This Week

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2024-6038 HIGH POC This Week

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chuanhuchatgpt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2024-5979 HIGH POC This Week

In h2oai/h2o-3 version 3.46.0, the `run_tool` command in the `rapids` component allows the `main` function of any class under the `water.tools` namespace to be called. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Denial Of Service H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2024-5548 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5547 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5334 HIGH POC PATCH This Week

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2024-6373 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-6371 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pool Of Bethesda Online Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5714 MEDIUM POC This Month

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Lunary
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-39155 MEDIUM POC This Month

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Idccms
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-5710 MEDIUM POC PATCH MAL This Month

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Litellm
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6054 HIGH This Week

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress RCE Auto Featured Image
NVD
CVSS 3.1
8.8
EPSS
6.9%
CVE-2024-5535 CRITICAL Act Now

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Buffer Overflow Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
5.1%
CVE-2024-5936 MEDIUM POC THREAT This Month

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Privategpt
NVD
CVSS 3.1
6.1
EPSS
28.9%
CVE-2024-4704 MEDIUM POC This Month

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Contact Form 7
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6071 CRITICAL Act Now

PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-2973 CRITICAL Act Now

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper
NVD
CVSS 4.0
10.0
EPSS
1.1%
CVE-2024-3330 CRITICAL Act Now

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-0947 CRITICAL Act Now

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-0949 CRITICAL Act Now

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass.0.68. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-1107 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.0.68. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Travel Apps
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2024-39705 CRITICAL PATCH Act Now

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-36072 CRITICAL Act Now

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39208 CRITICAL Act Now

luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5826 CRITICAL Act Now

In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2024-5751 CRITICAL PATCH MAL Act Now

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google Litellm
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-35260 CRITICAL Act Now

An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Power Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39669 CRITICAL Act Now

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Java RCE
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-36059 CRITICAL Act Now

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
9.4
EPSS
0.7%
CVE-2024-5935 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privategpt
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-5933 MEDIUM POC This Month

A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lollms Web Ui
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3111 MEDIUM POC This Month

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS H5P
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5755 MEDIUM POC This Month

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lunary
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-2882 CRITICAL Act Now

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-39376 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-39375 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-39374 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-39373 CRITICAL Act Now

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Markoni D Compact Firmware Markoni Dh Exciter Amplifiers Firmware
NVD
CVSS 4.0
9.3
EPSS
1.2%
CVE-2024-6372 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6370 MEDIUM POC This Month

A vulnerability classified as problematic was found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6369 MEDIUM POC This Month

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laboratory Information Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy