Skip to main content
CVE-2024-40502 CRITICAL POC Act Now

SQL injection vulnerability in Hospital Management System Project in ASP.Net MVC 1 allows aremote attacker to execute arbitrary code via the btn_login_b_Click function of the Loginpage.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Hospital Management System
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-39250 CRITICAL POC Act Now

EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Timetrax
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-38944 CRITICAL POC Act Now

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-39686 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-39685 CRITICAL POC Act Now

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bert Vits2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-41318 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2024-41316 CRITICAL POC Act Now

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-38773 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.5.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Formlift For Infusionsoft Web Forms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-6913 CRITICAL POC Act Now

Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.11.6507.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Processplus
NVD
CVSS 4.0
9.3
EPSS
1.4%
CVE-2024-6912 CRITICAL POC Act Now

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.11.6507.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Processplus
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-26020 HIGH POC PATCH THREAT This Week

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Anki
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2024-41320 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2024-6244 HIGH POC This Week

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Pz Frontend Manager
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-5973 HIGH POC This Week

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Masterstudy Lms
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6911 HIGH POC This Week

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.11.6507.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Microsoft Processplus
NVD
CVSS 4.0
8.7
EPSS
4.9%
CVE-2024-6965 HIGH POC This Week

A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-6964 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-6963 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-6962 HIGH POC This Week

A vulnerability classified as critical was found in Tenda O3 1.0.0.10. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O3 Firmware1 0 0 10 2478
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-37261 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon wp-lister-for-amazon.6.16. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
6.6%
CVE-2024-32484 HIGH POC THREAT This Week

An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Python Anki
NVD
CVSS 3.1
8.2
EPSS
25.9%
CVE-2024-41317 HIGH POC This Week

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-37259 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit - WP Extended wpextended.4.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
4.5%
CVE-2024-40634 HIGH POC PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-40051 HIGH POC This Week

IP Guard v4.81.0307.0 was discovered to contain an arbitrary file read vulnerability via the file name parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ip Guard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6966 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-41315 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-41314 MEDIUM POC This Month

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A6000R Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
2.1%
CVE-2024-39688 MEDIUM POC This Month

Bert-VITS2 is the VITS2 Backbone with multilingual bert. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bert Vits2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-29073 MEDIUM POC PATCH THREAT This Month

An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anki
NVD
CVSS 3.1
6.5
EPSS
11.5%
CVE-2024-24507 MEDIUM POC This Month

Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Act On
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6806 CRITICAL Act Now

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6805 CRITICAL Act Now

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Information Disclosure Veristand
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6794 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-6793 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28698 CRITICAL PATCH Act Now

Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-41827 CRITICAL Act Now

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-21552 CRITICAL Act Now

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-38759 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Search Replace
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41704 CRITICAL PATCH Act Now

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Librechat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41703 CRITICAL PATCH Act Now

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-6271 MEDIUM POC This Month

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Community Events
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-37998 CRITICAL Act Now

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-6969 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6968 MEDIUM POC This Month

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-6967 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-25638 HIGH PATCH This Week

dnsjava is an implementation of DNS in Java. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.9
EPSS
0.4%
CVE-2024-38755 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.6.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Directorypress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-38701 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Academy Lms
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-23321 HIGH PATCH This Week

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Rocketmq
NVD
CVSS 3.1
8.8
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy