Skip to main content
CVE-2024-41120 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41119 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-41118 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41117 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-41116 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-41115 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-41114 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-41113 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-41112 CRITICAL POC PATCH Act Now

streamlit-geospatial is a streamlit multipage app for geospatial applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Streamlit Geospatial
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-40117 CRITICAL POC Act Now

Incorrect access control in Solar-Log 1000 before v2.8.2 and build 52- 23.04.2013 allows attackers to obtain Administrative privileges via connecting to the web administration server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-40433 HIGH POC This Week

Insecure Permissions vulnerability in Tencent wechat v.8.0.37 allows an attacker to escalate privileges via the web-view component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wechat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-39304 HIGH POC PATCH This Week

ChurchCRM is an open-source church management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Churchcrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-41628 HIGH POC This Week

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
6.5%
CVE-2024-40116 HIGH POC This Week

An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files -- fixed with 3.0.0-60 11.10.2013 for. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7062 HIGH POC This Week

Nimble Commander suffers from a privilege escalation vulnerability due to the server (info.filesmanager.Files.PrivilegedIOHelperV2) performing improper/insufficient validation of a client’s. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Nimble Commander
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41813 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41812 HIGH POC PATCH This Week

txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Txtdot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41354 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41353 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-41357 HIGH POC This Week

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/powerDNS/record-edit.php. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
1.1%
CVE-2024-41815 HIGH POC PATCH This Week

Starship is a cross-shell prompt. Rated high severity (CVSS 7.0). Public exploit code available.

Command Injection Starship
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2024-6922 MEDIUM POC THREAT This Month

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
6.9
EPSS
30.2%
CVE-2024-41355 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6490 MEDIUM POC This Month

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Master Slider
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-41373 MEDIUM POC This Month

ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Icecoder
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-41375 MEDIUM POC This Month

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41374 MEDIUM POC This Month

ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-4447 CRITICAL Act Now

In the System → Maintenance tool, the Logged Users tab surfaces sessionId data for all users via the Direct Web Remoting API (UserSessionAjax.getSessionList.dwr) calls. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Privilege Escalation
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-26520 CRITICAL Act Now

An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40689 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM SQLi Infosphere Information Server Infosphere Information Server On Cloud
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-7120 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Msg2300 Firmware Msg2100E Firmware Msg2200 Firmware +1
NVD VulDB
CVSS 4.0
5.3
EPSS
93.4%
CVE-2024-7119 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7118 MEDIUM POC This Month

A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7117 MEDIUM POC This Month

A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7116 MEDIUM POC This Month

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7115 MEDIUM POC This Month

A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7114 MEDIUM POC This Month

A vulnerability was found in Tianchoy Blog up to 1.8.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-38872 HIGH This Week

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2024-38871 HIGH This Week

Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2024-41356 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\firewall-zones\zones-edit-network.php. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-41692 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-41687 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to transmission of password in plain text. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-7050 HIGH This Week

Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.2. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-35296 HIGH This Week

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2024-24257 HIGH This Week

An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41670 HIGH This Week

In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35161 HIGH This Week

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-41686 HIGH This Week

This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sy Gpon 1110 Wdont Firmware
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-38512 HIGH This Week

A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-38511 HIGH This Week

A privilege escalation vulnerability was discovered in an upload processing functionality of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy