Skip to main content
CVE-2024-37858 CRITICAL POC Act Now

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6366 CRITICAL POC THREAT Act Now

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Profile Builder
NVD WPScan
CVSS 3.1
9.1
EPSS
29.0%
CVE-2024-37857 HIGH POC This Week

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-38529 HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-37906 HIGH POC PATCH This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-7187 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7186 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7185 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7184 HIGH POC This Week

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7183 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7182 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7180 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7179 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7178 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7177 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7176 HIGH POC This Week

A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7174 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7173 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-41817 HIGH POC PATCH This Week

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Imagemagick
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-33365 HIGH POC This Week

Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda RCE Ac10 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-41818 HIGH POC PATCH This Week

fast-xml-parser is an open source, pure javascript xml parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fast Xml Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5882 HIGH POC This Week

The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP WordPress Ultimate Classified Listings
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28804 HIGH POC This Week

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I Mcs Nfv
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-7196 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7188 MEDIUM POC This Month

A vulnerability was found in Bylancer Quicklancer 2.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Quicklancer
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
7.0%
CVE-2024-37859 MEDIUM POC This Month

Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Lost And Found Information System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41810 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Twisted
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2024-41799 CRITICAL PATCH Act Now

tgstation-server is a production scale tool for BYOND server management. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Tgstation Server
NVD GitHub
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-6487 MEDIUM POC This Month

The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inline Related Posts
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-6576 CRITICAL Act Now

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7202 CRITICAL Act Now

The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winmatrix3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-7201 CRITICAL Act Now

The login functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Winmatrix3
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5670 CRITICAL Act Now

The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sn Os
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-5285 MEDIUM POC This Month

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Affiliate Platform
NVD WPScan
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-6578 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Aim
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41819 MEDIUM POC PATCH This Month

Note Mark is a web-based Markdown notes app. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Note Mark
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-4483 MEDIUM POC This Month

The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Email Encoder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7200 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0.php?action=save_settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7199 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7198 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7197 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaints Report Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Complaints Report Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7195 MEDIUM POC This Month

A vulnerability was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7194 MEDIUM POC This Month

A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7192 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7191 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7190 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Society Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7189 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7181 MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-7175 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3600r Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.1%
CVE-2024-28805 CRITICAL Act Now

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass I Mcs Nfv
NVD
CVSS 3.1
9.1
EPSS
0.4%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy