Skip to main content
CVE-2024-38887 CRITICAL POC Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-7314 CRITICAL POC THREAT Act Now

anji-plus AJ-Report is affected by an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Report
NVD GitHub
CVSS 3.1
9.8
EPSS
51.5%
CVE-2024-41127 CRITICAL POC PATCH Act Now

Monkeytype is a minimalistic and customizable typing test. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Monkeytype
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-28298 HIGH POC This Week

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bmplanning
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33894 HIGH POC This Week

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ewon Cosy Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7029 HIGH POC THREAT This Week

Commands can be injected over the network and executed without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Avm1203 Firmware
NVD
CVSS 4.0
8.7
EPSS
39.0%
CVE-2024-42348 HIGH POC This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fogproject
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-33892 HIGH POC This Week

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-7389 HIGH POC PATCH This Week

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure PHP Forminator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33896 HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-33895 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ewon Cosy Firmware
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-33893 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ewon Cosy Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-38882 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection SQLi Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-38889 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-38886 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Caterease
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-36268 CRITICAL PATCH Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong.10.0 through 1.12.0, which could lead to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Apache RCE Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-5595 MEDIUM POC This Month

The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Essential Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-42349 MEDIUM POC This Month

FOG is a cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fogproject
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-42460 MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-42459 MEDIUM POC PATCH This Month

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7378 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7377 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7376 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7375 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7374 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7373 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7372 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Realtime Quiz System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-38883 CRITICAL Act Now

An issue in Horizon Business Services Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-42461 CRITICAL PATCH Act Now

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-40721 HIGH This Week

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40720 HIGH This Week

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27181 HIGH PATCH This Week

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Linkis
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3238 HIGH This Week

The WordPress Menu Plugin - Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38879 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omnivise T3000 Application Server
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-38876 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure Omnivise T3000 Application Server Omnivise T3000 Domain Controller +4
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-38890 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-38877 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Omnivise T3000 Application Server Omnivise T3000 Domain Controller Omnivise T3000 Network Intrusion Detection System Omnivise T3000 Product Data Management +3
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-38884 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39392 HIGH This Week

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3056 HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-38885 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38891 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38881 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28297 HIGH This Week

SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41518 HIGH This Week

An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Feripro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41310 HIGH This Week

AndServer 2.1.12 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Andserver
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-38482 HIGH This Week

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloudlink
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-22169 HIGH This Week

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Node.js
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-38776 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-38878 MEDIUM This Month

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Omnivise T3000 Application Server
NVD
CVSS 4.0
6.9
EPSS
11.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy