Skip to main content
CVE-2024-42362 HIGH POC PATCH This Week

Hertzbeat is an open source, real-time monitoring system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Hertzbeat
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-41657 HIGH POC This Week

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cors Misconfiguration Casdoor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-42619 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42612 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?whitelist_add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-43406 HIGH POC PATCH This Week

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Ekuiper
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-42621 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42618 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42617 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42616 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42613 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42611 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42610 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42609 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42607 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42606 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_log.php?clear=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42605 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42604 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42603 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=clearall. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39690 HIGH POC PATCH This Week

Capsule is a multi-tenancy and policy-based framework for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kubernetes Capsule
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42608 HIGH POC This Week

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Pligg Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42586 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42585 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42584 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42583 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42582 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42581 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42580 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-42579 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42577 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42576 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42561 HIGH POC This Week

Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at sales_report.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2024-42557 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42555 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42554 HIGH POC This Week

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-42553 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-42552 HIGH POC This Week

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hotel Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.5%
CVE-2024-41659 HIGH POC PATCH This Week

memos is a privacy-first, lightweight note-taking service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Cors Misconfiguration Memos
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-42578 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Warehouse Inventory System
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-42564 HIGH POC This Week

ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Erp
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-43403 HIGH This Week

Kanister is a data protection workflow management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42363 HIGH This Week

Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Kubernetes
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-31842 HIGH This Week

An issue was discovered in Italtel Embrace 1.6.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embrace
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-38175 HIGH This Week

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Microsoft Azure Managed Instance For Apache Cassandra
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7827 HIGH This Week

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-1206 HIGH This Week

The AdRotate Banner Manager - The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media(). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload RCE
NVD
CVSS 3.1
7.2
EPSS
7.6%
CVE-2024-21689 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Atlassian Bamboo
NVD
CVSS 3.1
8.0
EPSS
2.5%
CVE-2024-7305 HIGH This Week

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Advance Steel Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22281 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Helix
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-27187 HIGH This Week

Improper Access Controls allows backend users to overwrite their username when disallowed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42662 HIGH This Week

An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apollo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy