Skip to main content
CVE-2024-41237 CRITICAL POC Act Now

A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-34480 CRITICAL POC Act Now

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-34479 CRITICAL POC Act Now

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6890 HIGH POC This Week

Password reset tokens are generated using an insecure source of randomness. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Journyx
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-6707 HIGH POC This Week

Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Open Webui
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7585 HIGH POC This Week

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7584 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-7583 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-7582 HIGH POC This Week

A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-7581 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow A301 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-41309 HIGH POC This Week

An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enjay Crm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41308 HIGH POC This Week

An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Enjay Crm
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-5290 HIGH POC This Week

An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Wpa Supplicant
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-7578 MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Alr F800 Firmware
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-41252 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41251 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6706 MEDIUM POC This Month

Attackers can craft a malicious prompt that coerces the language model into executing arbitrary JavaScript in the context of the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Webui
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-41242 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Responsive School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-41241 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Responsive School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41240 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Responsive School Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6494 MEDIUM POC This Month

The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Upload Wordpress File Upload
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41912 CRITICAL Act Now

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Poly Clariti Manager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-20454 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Spa 301 Firmware Spa 303 Firmware Spa 501G Firmware +8
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2024-20450 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Spa 301 Firmware Spa 303 Firmware Spa 501G Firmware +8
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-36130 CRITICAL Act Now

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-6522 CRITICAL Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Modern Events Calendar Modern Events Calendar Lite
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2024-41250 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41245 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41244 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41243 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41432 MEDIUM POC This Month

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Likeshop
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41249 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-41248 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-41247 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-41246 MEDIUM POC This Month

An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Responsive School Management System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-7580 MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.9%
CVE-2024-7579 MEDIUM POC This Month

A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Alr F800 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
8.4%
CVE-2024-41239 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Responsive School Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-43044 HIGH PATCH This Week

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins
NVD
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-3973 MEDIUM POC This Month

The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS House Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-36131 HIGH This Week

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager Mobile
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-34619 HIGH This Week

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7265 HIGH This Week

Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Ezd Rp
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-7143 HIGH This Week

A flaw was found in the Pulp package. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pulp
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2024-42222 MEDIUM POC This Month

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Cloudstack
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-7061 HIGH This Week

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Verify
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43199 HIGH PATCH This Week

Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Ndoutils
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-7553 HIGH This Week

Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation Microsoft MongoDB +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-34623 HIGH This Week

Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-34622 HIGH This Week

Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy