Skip to main content
CVE-2024-6782 CRITICAL POC THREAT Emergency

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
83.4%
CVE-2024-6886 CRITICAL POC PATCH THREAT Act Now

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS.22.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gitea
NVD GitHub
CVSS 4.0
10.0
EPSS
40.3%
CVE-2024-39227 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware +25
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-41616 CRITICAL POC Act Now

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-39228 CRITICAL POC Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-39226 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
20.6%
CVE-2024-39225 CRITICAL POC THREAT Act Now

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
9.8
EPSS
14.5%
CVE-2024-28740 CRITICAL POC Act Now

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Koha
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-33897 CRITICAL POC Act Now

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-30170 CRITICAL POC Act Now

PrivX before 34.0 allows data exfiltration and denial of service via the REST API. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privx
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-41226 HIGH POC This Week

A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Automation 360
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-6781 HIGH POC PATCH THREAT This Week

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Calibre
NVD GitHub
CVSS 3.1
7.5
EPSS
62.7%
CVE-2024-28739 HIGH POC THREAT This Week

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Koha
NVD
CVSS 3.1
7.2
EPSS
17.7%
CVE-2024-7009 HIGH POC PATCH THREAT This Week

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Calibre
NVD GitHub
CVSS 3.1
7.1
EPSS
13.9%
CVE-2024-7505 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bike Delivery System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7498 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7246 MEDIUM POC This Month

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Grpc
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2024-41677 MEDIUM POC PATCH This Month

Qwik is a performance focused javascript framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Qwik
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41333 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Tourism Management System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-7082 MEDIUM POC This Month

The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Table Of Contents
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6651 MEDIUM POC THREAT This Month

The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Upload Wordpress File Upload
NVD WPScan
CVSS 3.1
6.1
EPSS
14.1%
CVE-2024-7008 MEDIUM POC PATCH THREAT This Month

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Calibre
NVD GitHub
CVSS 3.1
6.1
EPSS
24.1%
CVE-2024-42395 CRITICAL Act Now

There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42394 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42393 CRITICAL Act Now

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-23483 CRITICAL Act Now

An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Command Injection Client Connector
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6359 CRITICAL Act Now

Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Arcsight Intelligence
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-33974 CRITICAL Act Now

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP School Attendence Monitoring System School Event Management System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33960 CRITICAL Act Now

SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Credit Card Debit Card Payment Paypal
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6202 CRITICAL Act Now

HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Haloitsm
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-5828 CRITICAL Act Now

Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.8.7-00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Microsoft Tuning Manager
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-7519 CRITICAL Act Now

Insufficient checks when processing graphics shared memory could have led to memory corruption. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2024-42358 MEDIUM POC PATCH This Month

PDFio is a simple C library for reading and writing PDF files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pdfio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-36424 MEDIUM POC This Month

K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service K7 Ultimate Security
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2024-6766 MEDIUM POC This Month

The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39229 MEDIUM POC This Month

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Mt6000 Firmware A1300 Firmware X300B Firmware Ax1800 Firmware +24
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-7552 MEDIUM POC This Month

A vulnerability was found in DataGear up to 5.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Datagear
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7506 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7500 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7499 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7497 MEDIUM POC This Month

A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7496 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Airline Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7495 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laravel Accounting System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-41270 CRITICAL PATCH Act Now

An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gorush
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-7551 MEDIUM POC This Month

A vulnerability was found in juzaweb CMS up to 3.4.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cms
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.9%
CVE-2024-7534 HIGH This Week

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-7533 HIGH This Week

Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6998 HIGH This Week

Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6997 HIGH This Week

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6994 HIGH This Week

Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy