Skip to main content
CVE-2024-5932 CRITICAL POC PATCH THREAT Act Now

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization WordPress PHP Givewp
NVD GitHub
CVSS 3.1
9.8
EPSS
74.3%
CVE-2024-42361 CRITICAL POC PATCH Act Now

Hertzbeat is an open source, real-time monitoring system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Hertzbeat
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-42919 CRITICAL POC Act Now

eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42575 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42574 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42573 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42572 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42571 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42570 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at admininsert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42569 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42568 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42567 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42566 CRITICAL POC Act Now

School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the password parameter at login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42565 CRITICAL POC Act Now

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42563 CRITICAL POC Act Now

An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-42562 CRITICAL POC Act Now

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42558 CRITICAL POC Act Now

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42556 CRITICAL POC Act Now

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-6847 CRITICAL POC Act Now

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-35540 CRITICAL POC Act Now

A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Typecho
NVD Exploit-DB
CVSS 3.1
9.0
EPSS
2.7%
CVE-2024-43404 CRITICAL PATCH Act Now

MEGABOT is a fully customized Discord bot for learning and fun. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Python RCE Megabot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-30949 CRITICAL PATCH Act Now

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Newlib
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-33872 CRITICAL Act Now

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42559 CRITICAL Act Now

An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-42336 CRITICAL Act Now

Servision - CWE-287: Improper Authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivg Webmax
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43202 CRITICAL PATCH Act Now

Exposure of Remote Code Execution in Apache Dolphinscheduler.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Apache RCE Dolphinscheduler
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2024-6800 CRITICAL Act Now

An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Jwt Attack Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
1.5%
CVE-2024-27185 CRITICAL Act Now

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Joomla
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-7777 CRITICAL PATCH Act Now

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal PHP WordPress Contact Form Builder
NVD
CVSS 3.1
9.0
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy