Skip to main content
CVE-2024-6075 HIGH POC This Week

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Estore
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5630 HIGH POC This Week

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Insert Or Embed Articulate Content
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6745 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Ticket Booking
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6740 MEDIUM POC This Month

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-6289 MEDIUM POC This Month

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Wps Hide Login
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-6076 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6074 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6073 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6072 MEDIUM POC This Month

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Estore
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-6739 MEDIUM POC This Month

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mailaudit Mailgates
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-39915 CRITICAL Act Now

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-40524 CRITICAL Act Now

Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute arbitrary code via the webtool\application.py component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-4143 CRITICAL Act Now

A potential security vulnerability has been identified in certain HP PC products using AMI BIOS, which might allow arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP RCE
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40624 CRITICAL PATCH Act Now

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-40416 CRITICAL Act Now

A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40415 CRITICAL Act Now

A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40414 CRITICAL Act Now

A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6744 CRITICAL Act Now

The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6743 CRITICAL Act Now

AguardNet's Space Management System does not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Space Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39736 CRITICAL Act Now

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Datacap Datacap Navigator
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38492 CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-36456 CRITICAL Act Now

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
9.4
EPSS
0.9%
CVE-2024-36455 CRITICAL Act Now

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-6746 MEDIUM POC This Month

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Easyspider
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.3%
CVE-2024-6741 MEDIUM POC This Month

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6736 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6735 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6734 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6737 HIGH This Week

The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote attackers with regular privileges to access the account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Electronic Official Document Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-38494 HIGH This Week

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-21513 HIGH PATCH This Week

Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval'. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Python RCE Langchain Experimental
NVD GitHub
CVSS 3.1
8.5
EPSS
1.9%
CVE-2024-38491 HIGH This Week

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-40631 HIGH PATCH This Week

Plate media is an open source, rich-text editor for React. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-27240 HIGH This Week

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-6689 HIGH This Week

Local Privilege Escalation in MSI-Installer in baramundi Management Agent v23.1.172.0 on Windows allows a local unprivileged user to escalate privileges to SYSTEM. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-36434 HIGH This Week

An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-36433 HIGH This Week

An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-36432 HIGH This Week

An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-27241 HIGH This Week

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Workplace Workplace Desktop +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-40554 HIGH This Week

An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tmall Demo
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-23794 HIGH This Week

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Otrs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39731 HIGH This Week

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Datacap
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-36438 HIGH This Week

eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to card duplication and other attacks. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-39819 HIGH This Week

Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-40560 HIGH This Week

Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Tmall Demo
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-39826 MEDIUM This Month

Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-37016 MEDIUM This Month

Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-38493 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Privileged Access Management
NVD
CVSS 4.0
6.8
EPSS
0.3%
CVE-2024-39767 MEDIUM This Month

Mattermost Mobile Apps versions <=2.16.0 fail to validate that the push notifications received for a server actually came from this serve that which allows a malicious server to send push. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Mattermost Mobile
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-27238 MEDIUM This Month

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy