Skip to main content
CVE-2024-7332 CRITICAL POC THREAT Act Now

A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cp450 Firmware
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
20.7%
CVE-2024-7256 HIGH POC This Week

Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6040 HIGH POC This Week

In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Lollms Web Ui
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7338 HIGH POC This Week

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1200L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7337 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1200L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7336 HIGH POC This Week

A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7335 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex200 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7334 HIGH POC This Week

A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ex1200L Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7333 HIGH POC This Week

A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow N350Rt Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-7331 HIGH POC This Week

A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3300R Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-39646 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kunal Custom 404 Pro custom-404-pro.11.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS
NVD VulDB
CVSS 3.1
7.1
EPSS
6.7%
CVE-2024-3983 HIGH POC This Week

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-6529 HIGH POC This Week

The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Classified Listings
NVD WPScan
CVSS 3.1
7.1
EPSS
1.0%
CVE-2024-7369 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical.php?action=login of the component Login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7367 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-7366 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7360 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-7339 MEDIUM POC THREAT This Month

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

HP Information Disclosure Sh 4050A5 5L Mm Firmware Avision Av108T Firmware Td 2104ts Cl Firmware +1
NVD VulDB
CVSS 4.0
6.9
EPSS
32.0%
CVE-2024-6496 MEDIUM POC This Month

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Light Poll
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-2843 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-1747 MEDIUM POC This Month

The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Woocommerce Customers Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-38770 CRITICAL Act Now

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.22.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41961 CRITICAL Act Now

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-39777 CRITICAL PATCH Act Now

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-7093 CRITICAL Act Now

Dispatch's notification service uses Jinja templates to generate messages to users. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-39619 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro-plugin allows PHP Local File Inclusion.9.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 3.1
9.0
EPSS
1.7%
CVE-2024-7371 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7370 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7368 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7365 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7364 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7363 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7362 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7361 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7359 MEDIUM POC This Month

A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Tracking Monitoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7357 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.7%
CVE-2024-7343 MEDIUM POC This Month

A vulnerability was found in Baidu UEditor 1.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ueditor
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7342 MEDIUM POC This Month

A vulnerability was found in Baidu UEditor 1.4.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Ueditor
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7330 MEDIUM POC This Month

A vulnerability has been found in YouDianCMS 7 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Youdiancms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-41259 CRITICAL Act Now

Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Navidrome
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-32758 CRITICAL Act Now

Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Exacqvision Client Exacqvision Server
NVD
CVSS 4.0
9.0
EPSS
0.4%
CVE-2024-39624 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.9.4. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD VulDB
CVSS 3.1
8.5
EPSS
1.7%
CVE-2024-39634 HIGH This Week

Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.10.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-39633 HIGH This Week

Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.33.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38768 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion, Path Traversal.0.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP The Pack Elementor Addons
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-32863 HIGH This Week

Under certain circumstances the exacqVision Web Services may be susceptible to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Exacqvision Web Service
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7255 HIGH This Week

Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6990 HIGH This Week

Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-4090 MEDIUM POC This Month

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-2872 MEDIUM POC This Month

The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Swift Framework
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy