Skip to main content
CVE-2024-39717 HIGH KEV THREAT Act Now

Versa Director GUI contains a file upload vulnerability in the 'Change Favicon' functionality that allows provider-level administrators to upload malicious files, exploited by Volt Typhoon (Chinese APT) against ISPs.

NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2024-45169 CRITICAL POC Act Now

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Idol2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-45167 CRITICAL POC Act Now

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Idol2
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-45166 CRITICAL POC Act Now

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Denial Of Service Idol2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42773 CRITICAL POC Act Now

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-42775 CRITICAL POC Act Now

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-45168 CRITICAL POC Act Now

An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Idol2
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-42599 HIGH POC This Week

SeaCMS 13.0 has a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Seacms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-43033 HIGH POC This Week

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Microsoft Jpress
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-8079 HIGH POC This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-8078 HIGH POC This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-42774 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42772 HIGH POC This Week

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42767 HIGH POC This Week

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Hotel Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-42776 HIGH POC This Week

Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Hotel Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-8086 MEDIUM POC This Month

A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-8081 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Payroll Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-42768 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Hotel Management System
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
CVE-2024-42761 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42769 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-36445 CRITICAL Act Now

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-43331 CRITICAL Act Now

Missing Authorization vulnerability in VeronaLabs WP SMS.9.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Sms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-42763 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-42762 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-36439 CRITICAL Act Now

Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.4
EPSS
0.9%
CVE-2024-8087 MEDIUM POC This Month

A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8083 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8080 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8077 MEDIUM POC This Month

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection T8 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
2.9%
CVE-2024-45192 MEDIUM POC PATCH This Month

An issue was discovered in Matrix libolm through 3.2.16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Olm
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-45191 MEDIUM POC PATCH This Month

An issue was discovered in Matrix libolm through 3.2.16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Olm
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8072 MEDIUM POC This Month

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mage Ai
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-45163 CRITICAL Act Now

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-8084 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-43787 MEDIUM POC PATCH This Month

Hono is a Web application framework that provides support for any JavaScript runtime. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Hono
NVD GitHub
CVSS 3.1
5.0
EPSS
0.2%
CVE-2024-45201 HIGH PATCH This Week

An issue was discovered in llama_index before 0.10.38. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Llamaindex
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-42771 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Hotel Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-36442 HIGH This Week

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-40886 HIGH PATCH This Week

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mattermost CSRF
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-7384 HIGH PATCH This Week

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Acymailing
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-39576 HIGH This Week

Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Power Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-8076 HIGH This Week

A vulnerability was found in TOTOLINK AC1200 T8 4.1.5cu.862_B20230228 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow T8 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-42418 HIGH This Week

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-39776 HIGH This Week

Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Outpost Uploader Utility Outpost 0810 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-42770 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Hotel Management System
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-45193 MEDIUM POC PATCH This Month

An issue was discovered in Matrix libolm through 3.2.16. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Olm
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3127 MEDIUM POC This Month

An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-36444 HIGH This Week

cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-38210 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Buffer Overflow Microsoft RCE Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-38209 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Microsoft Google Memory Corruption Edge Chromium
NVD
CVSS 3.1
7.8
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy