Skip to main content
CVE-2024-39962 CRITICAL POC Act Now

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE D-Link Dir 823x Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-6205 CRITICAL POC Act Now

The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Payplus Payment Gateway
NVD WPScan
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-40400 HIGH POC PATCH This Week

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Automad
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-37066 HIGH POC This Week

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cam V4 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-41107 HIGH POC THREAT This Week

The CloudStack SAML authentication (disabled by default) does not enforce signature check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloudstack
NVD GitHub
CVSS 3.1
8.1
EPSS
17.8%
CVE-2024-39963 HIGH POC This Week

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ax9 Firmware Ax12 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-21527 HIGH POC PATCH This Week

Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google SSRF
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.6%
CVE-2024-41492 HIGH POC This Week

A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Denial Of Service Ax1806 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6898 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-41599 MEDIUM POC This Month

Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Ruoyi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-5604 MEDIUM POC This Month

The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bug Library
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-35198 CRITICAL PATCH Act Now

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Torchserve
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41603 CRITICAL Act Now

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
CVSS 3.1
9.6
EPSS
0.2%
CVE-2024-39123 MEDIUM POC THREAT This Month

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Calibre Web
NVD GitHub
CVSS 3.1
5.4
EPSS
22.9%
CVE-2024-6907 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6906 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6905 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6904 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6903 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6902 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6901 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6900 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6899 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-29736 CRITICAL PATCH Act Now

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Cxf
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-41122 HIGH PATCH This Week

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Woodpecker
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41121 HIGH PATCH This Week

Woodpecker is a simple yet powerful CI/CD engine with great extensibility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Woodpecker
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-41602 HIGH This Week

Cross Site Request Forgery vulnerability in Spina CMS v.2.18.0 and before allows a remote attacker to escalate privileges via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Spina
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-41281 HIGH This Week

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Linksys Wrt54G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6338 HIGH PATCH This Week

The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39906 HIGH This Week

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
8.3
EPSS
1.0%
CVE-2024-41597 MEDIUM POC This Month

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Processwire
NVD GitHub VulDB
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-35199 HIGH PATCH This Week

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Torchserve
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2024-41600 HIGH This Week

Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Java Lin Cms Spring Boot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41601 HIGH This Week

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27489 HIGH This Week

An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41172 HIGH PATCH This Week

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Cxf
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-32007 HIGH PATCH This Week

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Cxf
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-30130 HIGH This Week

HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nomad Server On Domino
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-29080 MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-24970 MEDIUM This Month

Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. Rated medium severity (CVSS 6.5). No vendor patch available.

Privilege Escalation HP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-41124 MEDIUM PATCH This Month

Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-6895 MEDIUM This Month

Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without. Rated medium severity (CVSS 6.1). No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.1
EPSS
0.2%
CVE-2024-38156 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6908 MEDIUM This Month

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD GitHub
CVSS 4.0
6.0
EPSS
0.3%
CVE-2024-6916 MEDIUM This Month

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the '--show-inputs-only' flag. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zowe Cli
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0006 MEDIUM This Month

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
5.4
EPSS
0.3%
CVE-2024-5977 MEDIUM PATCH This Month

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Givewp
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-39457 MEDIUM This Month

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-6799 MEDIUM PATCH This Month

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Yith Essential Kit For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-21583 MEDIUM This Month

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
4.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy