Skip to main content
CVE-2024-5932 CRITICAL POC PATCH THREAT Act Now

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization WordPress PHP Givewp
NVD GitHub
CVSS 3.1
9.8
EPSS
74.3%
CVE-2024-42361 CRITICAL POC PATCH Act Now

Hertzbeat is an open source, real-time monitoring system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Hertzbeat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-42919 CRITICAL POC Act Now

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42575 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42574 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42573 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42572 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42571 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42570 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42569 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42568 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42567 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42566 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42565 CRITICAL POC Act Now

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42563 CRITICAL POC Act Now

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42562 CRITICAL POC Act Now

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42558 CRITICAL POC Act Now

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42556 CRITICAL POC Act Now

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6847 CRITICAL POC Act Now

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-35540 CRITICAL POC Act Now

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typecho
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
2.7%
CVE-2024-42362 HIGH POC PATCH This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Hertzbeat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-41657 HIGH POC This Week

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cors Misconfiguration Casdoor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-42619 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42612 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-43406 HIGH POC PATCH This Week

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Ekuiper
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-42621 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42618 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42617 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42616 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42613 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42611 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42610 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42609 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42607 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42606 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42605 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42604 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42603 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39690 HIGH POC PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Capsule
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42608 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42586 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42585 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42584 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42583 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42582 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42581 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42580 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42579 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42577 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42576 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy