Skip to main content
CVE-2024-42561 HIGH POC This Week

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2024-42557 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42555 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42554 HIGH POC This Week

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-42553 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42552 HIGH POC This Week

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-41659 HIGH POC PATCH This Week

memos is a privacy-first, lightweight note-taking service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cors Misconfiguration Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-42578 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-42564 HIGH POC This Week

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Erp
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-7947 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Point Of Sales And Inventory Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-7946 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-42598 MEDIUM POC This Month

SeaCMS 13.0 has a remote code execution vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD
CVSS 3.1
6.7
EPSS
1.2%
CVE-2024-41658 MEDIUM POC This Month

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Casdoor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42560 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank And Donation Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-43404 CRITICAL PATCH Act Now

MEGABOT is a fully customized Discord bot for learning and fun. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Python RCE Megabot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-30949 CRITICAL PATCH Act Now

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Newlib
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33872 CRITICAL Act Now

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42559 CRITICAL Act Now

An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42336 CRITICAL Act Now

Servision - CWE-287: Improper Authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivg Webmax
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43202 CRITICAL PATCH Act Now

Exposure of Remote Code Execution in Apache Dolphinscheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE Dolphinscheduler
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-6800 CRITICAL Act Now

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-43396 MEDIUM POC PATCH This Month

Khoj is an application that creates personal AI agents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Khoj
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-39094 MEDIUM POC This Month

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Friendica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7949 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Online Graduate Tracer System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Graduate Tracer System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7948 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Accounts Manager App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Accounts Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7945 MEDIUM POC This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Laravel Property Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-7943 MEDIUM POC This Month

A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laravel Property Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7942 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Leads Manager Tool
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7937 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-7936 MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Project Expense Monitoring System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-27185 CRITICAL Act Now

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Joomla
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-8003 MEDIUM POC PATCH This Month

A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Gotribe Admin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-7777 CRITICAL PATCH Act Now

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal PHP WordPress Contact Form Builder
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2024-43403 HIGH This Week

Kanister is a data protection workflow management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42363 HIGH This Week

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-31842 HIGH This Week

An issue was discovered in Italtel Embrace 1.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embrace
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38175 HIGH This Week

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Microsoft Azure Managed Instance For Apache Cassandra
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7827 HIGH This Week

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1206 HIGH This Week

The AdRotate Banner Manager - The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media(). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
7.2
EPSS
7.6%
CVE-2024-21689 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Bamboo
NVD
CVSS 3.1
8.0
EPSS
2.5%
CVE-2024-7305 HIGH This Week

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22281 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Helix
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27187 HIGH This Week

Improper Access Controls allows backend users to overwrite their username when disallowed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42662 HIGH This Week

An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apollo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42006 HIGH This Week

Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aws Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-34458 HIGH This Week

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Information Disclosure Command
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-6918 HIGH This Week

exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41700 HIGH This Week

Barix - CWE-200 Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sip Client Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41699 HIGH This Week

Priority - CWE-552: Files or Directories Accessible to External Parties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-41698 HIGH This Week

Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Priority
NVD
CVSS 3.1
7.5
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy