Skip to main content
CVE-2024-6695 CRITICAL POC Act Now

it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Profile Builder
NVD WPScan
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-6255 CRITICAL POC THREAT Act Now

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Chuanhuchatgpt
NVD
CVSS 3.1
9.1
EPSS
13.1%
CVE-2024-40645 HIGH POC PATCH This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP File Upload Fogproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-6978 HIGH POC This Week

Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.10.28. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-6975 HIGH POC This Week

Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.10.34. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation OpenSSL Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-6973 HIGH POC This Week

Remote Code Execution in Cato Windows SDP client via crafted URLs.10.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Cato Client
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7340 HIGH POC PATCH This Week

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.8
EPSS
5.0%
CVE-2024-7326 HIGH POC This Week

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dualsafe Password Manager
NVD VulDB
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-41954 HIGH POC PATCH This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-6974 HIGH POC This Week

Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade10.34. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Cato Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41630 HIGH POC This Week

Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow RCE Ac18 Firmware
NVD
CVSS 3.1
7.6
EPSS
1.0%
CVE-2024-7328 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in YouDianCMS 7.php?action=phpinfo. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Youdiancms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7321 MEDIUM POC This Month

A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7320 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7311 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bus Reservation Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Bus Reservation Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7286 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical.php?action=login of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7279 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-6977 MEDIUM POC This Month

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Cato Client
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6412 MEDIUM POC This Month

The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Html Forms
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6272 MEDIUM POC This Month

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Spidercontacts
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41108 MEDIUM POC This Month

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2024-38182 CRITICAL Act Now

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41660 CRITICAL Act Now

slpd-lite is a unicast SLP UDP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-39950 CRITICAL Act Now

A vulnerability has been found in Dahua products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware +56
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41955 MEDIUM POC PATCH This Month

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apple Open Redirect Google Microsoft Mobile Security Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-41947 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.7%
CVE-2024-7205 CRITICAL Act Now

When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-6408 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7329 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in YouDianCMS 7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Youdiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7327 MEDIUM POC This Month

A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xinhu
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7310 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7309 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7308 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7307 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7306 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7303 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7300 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7299 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7290 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7289 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7288 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7287 MEDIUM POC This Month

A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7285 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Establishment Billing Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7284 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7283 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7282 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7281 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7280 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lot Reservation Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-6980 CRITICAL Act Now

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF Information Disclosure Gravityzone
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2024-7278 MEDIUM POC This Month

A vulnerability was found in itsourcecode Alton Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy