Skip to main content
CVE-2024-7954 CRITICAL POC THREAT Emergency

The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP RCE
NVD
CVSS 3.1
9.8
EPSS
89.9%
CVE-2024-44382 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-44381 CRITICAL POC Act Now

D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8004W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-42765 CRITICAL POC Act Now

A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-42764 CRITICAL POC Act Now

Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Bus Ticket Reservation System
NVD GitHub
CVSS 3.1
9.4
EPSS
0.3%
CVE-2024-42914 CRITICAL POC Act Now

A host header injection vulnerability exists in the forgot password functionality of ArrowCMS version 1.0.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arrowcms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-44390 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function formWrlsafeset. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-44386 HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1206 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-42523 HIGH POC This Week

publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Publiccms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-8112 MEDIUM POC This Month

A vulnerability was found in thinkgem JeeSite 5.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesite
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-45190 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45189 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45188 MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-44387 MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh1206 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-42852 MEDIUM POC This Month

Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-6715 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/) in v3.1.39. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Ditty
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42531 CRITICAL Act Now

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32501 CRITICAL Act Now

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2024-43782 CRITICAL PATCH Act Now

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Openedx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-40766 CRITICAL KEV THREAT Act Now

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonicwall Sonicos
NVD
CVSS 3.1
9.8
EPSS
15.6%
CVE-2024-42918 MEDIUM POC This Month

itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, which allows an attacker to execute arbitrary code via a crafted payload to the SCHOOLNAME,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Accreditation Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8089 MEDIUM POC This Month

A vulnerability was found in SourceCodester E-Commerce System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-33854 CRITICAL Act Now

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33853 CRITICAL Act Now

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33852 CRITICAL Act Now

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-40111 MEDIUM POC This Month

A persistent (stored) cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Automad
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-45187 HIGH This Week

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mage Ai
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-39841 HIGH This Week

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-42756 HIGH This Week

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Netgear Dgn1000Ww Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
13.5%
CVE-2024-5586 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in extranet lockouts report option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2024-5556 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-5490 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in aggregate reports option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-5467 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-5466 HIGH This Week

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Zoho Manageengine Opmanager Manageengine Opmanager Msp +2
NVD
CVSS 3.1
8.8
EPSS
7.0%
CVE-2024-36517 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
5.3%
CVE-2024-36516 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2024-36515 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2024-36514 HIGH This Week

Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2024-3282 MEDIUM POC This Month

The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Table Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7258 HIGH PATCH This Week

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google WordPress PHP Authentication Bypass RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7559 HIGH This Week

The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE File Manager Pro
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-37311 HIGH This Week

Collabora Online is a collaborative online office suite based on LibreOffice. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-42040 HIGH This Week

Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow U Boot
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-42845 HIGH This Week

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
2.7%
CVE-2024-42915 HIGH This Week

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-43791 HIGH PATCH This Week

RequestStore provides per-request global storage for Rack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Request Store
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-43477 HIGH This Week

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Entra Id
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-42636 HIGH This Week

DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Dedecms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-8113 HIGH PATCH This Week

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

XSS Pretix
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2024-43883 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy