Skip to main content
CVE-2024-5827 CRITICAL POC Act Now

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Python
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2024-39704 CRITICAL POC Act Now

Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Melty Blood Actress Again Current Code
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-5736 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in AdmirorFrames Joomla!. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SSRF PHP Admirorframes
NVD GitHub
CVSS 4.0
8.2
EPSS
1.2%
CVE-2024-5712 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Devika
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-27628 HIGH POC PATCH This Week

Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Dcmtk
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-38514 HIGH POC This Week

NextChat is a cross-platform ChatGPT/Gemini UI. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
7.4
EPSS
2.2%
CVE-2024-6403 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
1.0%
CVE-2024-6402 HIGH POC This Week

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
1.0%
CVE-2024-5570 MEDIUM POC This Month

The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Simple Photoswipe
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-38522 MEDIUM POC PATCH This Month

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Hush Line
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5737 MEDIUM POC This Month

Script afGdStream.php in AdmirorFrames Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP XSS Admirorframes
NVD GitHub
CVSS 4.0
6.3
EPSS
1.1%
CVE-2024-5735 MEDIUM POC This Month

Full Path Disclosure vulnerability in AdmirorFrames Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Admirorframes
NVD GitHub
CVSS 4.0
6.3
EPSS
1.5%
CVE-2024-38521 MEDIUM POC This Month

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hush Line
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5730 MEDIUM POC This Month

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pagerank Tools
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5729 MEDIUM POC This Month

The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Al Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-38371 CRITICAL Act Now

authentik is an open-source Identity Provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3816 CRITICAL Act Now

Sites managed in S@M CMS (Concept Intermedia) might be vulnerable to a blind SQL Injection executed using the search bar. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi S M Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30110 CRITICAL Act Now

HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Dryice Aex
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39349 CRITICAL Act Now

A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37282 CRITICAL Act Now

It was identified that under certain specific preconditions, an API key that was originally created with a specific privileges could be subsequently used to create new API keys that have elevated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-37371 CRITICAL PATCH Act Now

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Kerberos 5 Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2024-37741 MEDIUM POC This Month

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplc V3 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-5728 MEDIUM POC This Month

The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Animated Al List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-37905 HIGH This Week

authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-31912 HIGH This Week

IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Mq
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5727 MEDIUM POC This Month

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Widget4Call
NVD WPScan
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-27629 HIGH This Week

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37370 HIGH PATCH This Week

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38525 HIGH This Week

dd-trace-cpp is the Datadog distributed tracing for C++. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-38528 HIGH PATCH This Week

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-38322 HIGH This Week

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender Resiliency Service
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35116 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-38374 HIGH PATCH This Week

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31919 HIGH This Week

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Denial Of Service Mq
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-30135 HIGH This Week

HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dryice Aex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39350 HIGH This Week

A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Synology Tc500 Firmware Bc500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-39348 HIGH This Week

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-30111 HIGH This Week

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Aex
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39351 HIGH This Week

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-38532 HIGH This Week

The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-39708 HIGH This Week

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-38533 MEDIUM This Month

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35156 MEDIUM This Month

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-25031 MEDIUM This Month

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Storage Defender
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-35155 MEDIUM This Month

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Mq
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-5662 MEDIUM This Month

The Ultimate Post Kit Addons For Elementor - (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-5796 MEDIUM This Month

The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘project_url’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5788 MEDIUM This Month

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-6296 MEDIUM This Month

The Stackable - Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-5925 MEDIUM This Month

The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy