Skip to main content
CVE-2024-39011 CRITICAL POC Act Now

Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Prototype Pollution Chargeover Redoc
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38983 CRITICAL POC Act Now

Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Mini Deep Assign
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39012 CRITICAL POC Act Now

ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Strategyen
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-39010 CRITICAL POC Act Now

chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Snapstate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38986 CRITICAL POC PATCH Act Now

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Deep Merge
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-38984 CRITICAL POC Act Now

Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Denial Of Service Json Override
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-36572 CRITICAL POC Act Now

Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution RCE Formmanager Data Handler
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-5765 CRITICAL POC THREAT Act Now

The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wpstickybar
NVD WPScan
CVSS 3.1
9.8
EPSS
27.4%
CVE-2024-5975 CRITICAL POC Act Now

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cz Loan Management
NVD WPScan
CVSS 3.1
9.1
EPSS
2.0%
CVE-2024-7297 HIGH POC THREAT This Week

Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Langflow
NVD
CVSS 3.1
8.8
EPSS
21.3%
CVE-2024-7213 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-7212 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504.cgi. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7000r Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-23091 HIGH POC This Week

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hoteldruid
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-5807 HIGH POC This Week

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Business Card
NVD WPScan
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-7226 MEDIUM POC This Month

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Medicine Tracker System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-6021 MEDIUM POC This Month

The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Donation Block For Paypal
NVD WPScan
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-3669 MEDIUM POC This Month

The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Web Directory Free
NVD WPScan
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-41109 MEDIUM POC PATCH This Month

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6230 MEDIUM POC This Month

The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Pardakht Delkhah
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1287 MEDIUM POC This Month

The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes via an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Paid Memberships Pro
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-41440 MEDIUM POC This Month

A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Hicolor
NVD GitHub
CVSS 3.1
6.2
EPSS
0.8%
CVE-2024-41438 MEDIUM POC This Month

A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Hicolor
NVD GitHub
CVSS 3.1
6.2
EPSS
0.8%
CVE-2024-6226 MEDIUM POC This Month

The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpstickybar
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6223 MEDIUM POC This Month

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Send Email Only On Reply To My Comment
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-5809 MEDIUM POC This Month

The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ajax Contact Form
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6224 MEDIUM POC This Month

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Send Email Only On Reply To My Comment
NVD WPScan
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-4096 MEDIUM POC This Month

The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Tabs
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-3113 MEDIUM POC This Month

The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Form
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-38909 CRITICAL Act Now

Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elfinder
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41611 CRITICAL Act Now

In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 860L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-41610 CRITICAL Act Now

D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 820Lw Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-3930 CRITICAL Act Now

In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Akana Api
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41702 CRITICAL Act Now

SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Siberiancms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-38432 CRITICAL Act Now

Matrix Tafnit v8 - CWE-646: Reliance on File Name or Extension of Externally-Supplied File. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tafnit
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-7219 MEDIUM POC This Month

A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Log Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-41443 MEDIUM POC This Month

A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Hicolor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-41439 MEDIUM POC This Month

A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Hicolor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-41437 MEDIUM POC This Month

A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Hicolor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-41304 MEDIUM POC This Month

An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload Wondercms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-6536 MEDIUM POC This Month

The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zephyr Project Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-6699 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mikafon Electronic Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ma7 Firmware
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-7273 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7225 MEDIUM POC This Month

A vulnerability was found in SourceCodester Insurance Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Insurance Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7224 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7223 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7222 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7217 MEDIUM POC This Month

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ca300 Poe Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.8%
CVE-2024-7215 MEDIUM POC This Month

A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.3%
CVE-2024-7214 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.2%
CVE-2024-7276 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy