Skip to main content
CVE-2024-42815 CRITICAL POC Act Now

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Memory Corruption Re365 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42813 CRITICAL POC Act Now

In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 752Dru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42812 CRITICAL POC THREAT Act Now

In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 860L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2024-43399 CRITICAL POC PATCH Act Now

Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Mobile Security Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-6330 CRITICAL POC Act Now

The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Geo My Wordpress
NVD WPScan
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-42633 HIGH POC This Week

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E1500 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-44083 HIGH POC This Week

ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ida Pro
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-44069 HIGH POC This Week

Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Pi Hole
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-6451 HIGH POC This Week

AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Ai Engine
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-7933 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-7929 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Forum Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Forum Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-7927 MEDIUM POC This Month

A vulnerability classified as critical was found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7926 MEDIUM POC This Month

A vulnerability classified as critical has been found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-7924 MEDIUM POC This Month

A vulnerability was found in ZZCMS 2023. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2024-7919 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-35539 MEDIUM POC This Month

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Typecho
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2024-23729 MEDIUM POC This Month

The ColorOS Internet Browser com.heytap.browser application 45.10.3.4.1 for Android allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Internet Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6843 MEDIUM POC This Month

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43354 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43328 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Embedpress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43311 CRITICAL Act Now

Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43245 CRITICAL Act Now

Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42658 CRITICAL Act Now

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookie's parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntpl Xpon1Gfevn Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-37099 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.14.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Givewp
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44076 CRITICAL PATCH Act Now

In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microcks
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43261 CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.2.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-43240 CRITICAL Act Now

Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.7. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.4
EPSS
0.2%
CVE-2024-7935 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7934 MEDIUM POC This Month

A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7931 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7930 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clinic S Patient Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7928 MEDIUM POC THREAT This Month

A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fastadmin
NVD VulDB
CVSS 4.0
5.3
EPSS
16.9%
CVE-2024-35538 MEDIUM POC This Month

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Typecho
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-7925 MEDIUM POC This Month

A vulnerability was found in ZZCMS 2023. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7922 MEDIUM POC THREAT This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 120 Firmware Dnr 202L Firmware Dns 315L Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
19.5%
CVE-2024-7921 MEDIUM POC This Month

A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7920 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jielink Jsotc2016
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-43252 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.1.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-43242 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.7. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-43248 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bit Apps Bit Form Pro allows File Manipulation.6.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Bit Form
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-43249 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form Pro allows Command Injection.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection File Upload Bit Form
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-43247 HIGH This Week

Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.2-revision-5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43271 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.0.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-43232 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP OnlineSupport, Essential Plugin Timeline and History slider allows PHP Local File Inclusion.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-43221 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetGridBuilder allows PHP Local File Inclusion.1.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2024-44067 HIGH This Week

The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations,. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-43401 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-32927 HIGH This Week

In sendDeviceState_1_6 of RadioExt.cpp, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-43345 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginOps Landing Page Builder allows PHP Local File Inclusion.5.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42657 HIGH This Week

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntpl Xpon1Gfevn Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy