Skip to main content
CVE-2024-28298 HIGH POC This Week

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SEC_IDF, LIE_IDF, PLANF_IDF, CLI_IDF, DOS_IDF, and possibly other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bmplanning
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-33894 HIGH POC This Week

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ewon Cosy Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7029 HIGH POC THREAT This Week

Commands can be injected over the network and executed without authentication. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Avm1203 Firmware
NVD
CVSS 4.0
8.7
EPSS
39.0%
CVE-2024-42348 HIGH POC This Week

FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fogproject
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2024-33892 HIGH POC This Week

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-7389 HIGH POC PATCH This Week

The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Information Disclosure PHP Forminator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-33896 HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-40721 HIGH This Week

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-40720 HIGH This Week

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Tcb Servisign
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-27181 HIGH PATCH This Week

In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Linkis
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3238 HIGH This Week

The WordPress Menu Plugin - Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38879 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Omnivise T3000 Application Server
NVD
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-38876 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Information Disclosure Omnivise T3000 Application Server Omnivise T3000 Domain Controller +4
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-38890 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-38877 HIGH This Week

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Omnivise T3000 Application Server Omnivise T3000 Domain Controller Omnivise T3000 Network Intrusion Detection System Omnivise T3000 Product Data Management +3
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2024-38884 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39392 HIGH This Week

InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3056 HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-38885 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38891 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-38881 HIGH This Week

An issue in Horizon Business Services Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Caterease
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-28297 HIGH This Week

SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41518 HIGH This Week

An Incorrect Access Control vulnerability in "/admin/programm/<program_id>/export/statistics" in Feripro <= v2.2.3 allows remote attackers to export an XLSX file with information about registrations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Feripro
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-41310 HIGH This Week

AndServer 2.1.12 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Andserver
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-38482 HIGH This Week

CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Cluster Component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloudlink
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-22169 HIGH This Week

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Node.js
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-38776 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy