Skip to main content
CVE-2024-44342 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-44341 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-41622 CRITICAL POC Act Now

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-44340 HIGH POC This Week

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 846W Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-8225 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-8224 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow G3 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-8181 HIGH POC THREAT This Week

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Flowise
NVD
CVSS 3.1
8.1
EPSS
42.8%
CVE-2024-45321 HIGH POC PATCH This Week

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-42851 HIGH POC This Week

Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Exiftags
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43783 HIGH POC PATCH This Week

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apollo Router Apollo Helms Charts Router
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-43414 HIGH POC PATCH This Week

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apollo Router Apollo Gateway Apollo Helms Charts Router Apollo Query Planner
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-8219 MEDIUM POC This Month

A vulnerability was found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive Hotel Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8218 MEDIUM POC This Month

A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Quiz Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-8217 MEDIUM POC This Month

A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Website
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-43788 MEDIUM POC PATCH This Month

Webpack is a module bundler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webpack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-7720 CRITICAL Act Now

HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection HP RCE Security Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-36068 CRITICAL Act Now

An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Cloud Data Management
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-6633 CRITICAL Act Now

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Filecatalyst Workflow
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-7940 CRITICAL Act Now

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-7071 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Brain Low Code
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-8223 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8222 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8221 MEDIUM POC This Month

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Music Gallery Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8220 MEDIUM POC This Month

A vulnerability was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8214 MEDIUM POC This Month

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.2%
CVE-2024-8213 MEDIUM POC This Month

A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.2%
CVE-2024-8212 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-8211 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
5.4%
CVE-2024-8210 MEDIUM POC This Month

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dns 315L Firmware Dns 320Lw Firmware Dns 1550 04 Firmware +17
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
7.5%
CVE-2024-45264 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Arfa Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-4872 HIGH This Week

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nosql Injection Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3980 HIGH This Week

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6789 HIGH This Week

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal M Files Server
NVD
CVSS 4.0
8.4
EPSS
0.6%
CVE-2024-3982 HIGH This Week

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-41173 HIGH This Week

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ipc Diagnostics Package Twincat Bsd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7125 HIGH This Week

Authentication Bypass vulnerability in Hitachi Ops Center Common Services.9.3-00 before 11.0.2-01. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ops Center Common Services
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45049 HIGH PATCH This Week

Hydra is a Continuous Integration service for Nix based projects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Hydra
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45038 HIGH This Week

Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meshtastic Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8182 HIGH This Week

An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Flowise
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2024-41176 HIGH This Week

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in the context of user. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Mdp Package Twincat Bsd
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-41174 HIGH This Week

The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Ipc Diagnostics Package Twincat Bsd
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-6632 HIGH This Week

A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Filecatalyst Workflow
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-8207 MEDIUM This Month

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-40395 MEDIUM This Month

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Thingworx
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-45037 MEDIUM PATCH This Month

The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Aws Cloud Development Kit
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-8046 MEDIUM This Month

The Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-5288 MEDIUM This Month

An issue was discovered in wolfSSL before 5.7.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-7608 MEDIUM This Month

An authenticated user can access the restricted files from NX, EX, FX, AX, IVX and CMS using path traversal. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-41175 MEDIUM This Month

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ipc Diagnostics Package Twincat Bsd
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7791 MEDIUM PATCH This Month

The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Xpro Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy