Skip to main content
CVE-2024-41237 CRITICAL POC Act Now

A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-34480 CRITICAL POC Act Now

SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-34479 CRITICAL POC Act Now

SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Computer Laboratory Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-41912 CRITICAL Act Now

A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Poly Clariti Manager
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-20454 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Spa 301 Firmware Spa 303 Firmware Spa 501G Firmware +8
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2024-20450 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Spa 301 Firmware Spa 303 Firmware Spa 501G Firmware +8
NVD
CVSS 3.1
9.8
EPSS
7.2%
CVE-2024-36130 CRITICAL Act Now

An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-6522 CRITICAL Act Now

The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Modern Events Calendar Modern Events Calendar Lite
NVD
CVSS 3.1
9.6
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy