Skip to main content
CVE-2024-45256 CRITICAL POC Emergency

An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2024-44557 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44555 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-44553 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44552 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-44551 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44550 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44549 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-41285 CRITICAL POC Act Now

A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Fw300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-44558 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44556 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-44565 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44563 CRITICAL POC Act Now

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ax1806 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8162 CRITICAL POC Act Now

A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass T10 Firmware
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
1.7%
CVE-2024-42791 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS CSRF Music Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-43798 HIGH POC PATCH This Week

Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-43283 MEDIUM POC THREAT This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.4%.

Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
13.4%
CVE-2024-45241 HIGH POC THREAT This Week

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
13.6%
CVE-2024-8174 MEDIUM POC This Month

A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-8173 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-8169 MEDIUM POC This Month

A vulnerability was found in code-projects Online Quiz Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Quiz Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8168 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bus Reservation Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Bus Reservation Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8167 MEDIUM POC This Month

A vulnerability was found in code-projects Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Portal
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-42789 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Music Management System
NVD GitHub
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-44796 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Picuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-44797 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44795 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44794 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Picuploader
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-44793 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gazelle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42906 MEDIUM POC This Month

TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Testlink
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42788 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Music Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-42787 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Music Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-39097 MEDIUM POC This Month

There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Gnuboard
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7313 MEDIUM POC This Month

The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shield Security
NVD WPScan
CVSS 3.1
6.1
EPSS
1.4%
CVE-2024-45265 CRITICAL Act Now

A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Arfa Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-42913 CRITICAL Act Now

RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-41444 CRITICAL Act Now

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-34087 CRITICAL Act Now

An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-8161 CRITICAL Act Now

SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8073 CRITICAL Act Now

Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.5R6-2.6.7 through 5.5R6-2.8.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Web Application Firewall
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-42790 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Music Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-8172 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qr Code Attendance System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8171 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8170 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zipped Folder Manager App
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-7988 CRITICAL Act Now

A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Thinmanager Thinserver
NVD
CVSS 4.0
9.3
EPSS
1.5%
CVE-2024-8166 MEDIUM POC This Month

A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Eg2000K Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2024-43325 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Naiche Dark Mode for WP Dashboard.2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dark Mode For Wp Dashboard
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43287 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue.1.82. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Newsletter Smtp Email Marketing And Subscribe
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-43116 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.7.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Local Avatars
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-39657 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender - Newsletter, SMS and Email Marketing Automation for WooCommerce.6.18. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Sender
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy