Skip to main content
CVE-2024-34195 CRITICAL POC Act Now

TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption A3002r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-44761 CRITICAL POC Act Now

An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Eq Enterprise Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-34198 CRITICAL POC Act Now

TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45059 HIGH POC PATCH This Week

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP I Educar
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-8231 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O6 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-8230 HIGH POC This Week

A vulnerability was found in Tenda O6 1.0.0.7(2054). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O6 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-8229 HIGH POC This Week

A vulnerability was found in Tenda O6 1.0.0.7(2054). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O6 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-8228 HIGH POC This Week

A vulnerability was found in Tenda O5 1.0.0.8(5017). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O5 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-8227 HIGH POC This Week

A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O1 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-8226 HIGH POC This Week

A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow O1 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.3%
CVE-2024-45058 HIGH POC PATCH This Week

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure I Educar
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-42793 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Music Management System
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-6312 MEDIUM This Month

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.7% and no vendor patch available.

RCE Path Traversal WordPress PHP Funnelforms Free
NVD
CVSS 3.1
6.5
EPSS
25.7%
CVE-2024-44760 HIGH POC This Week

Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Enterprise Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-41236 HIGH POC This Week

A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Responsive School Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-45048 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XXE Phpspreadsheet
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-45057 MEDIUM POC PATCH This Month

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS I Educar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42900 MEDIUM POC This Month

Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-42905 CRITICAL Act Now

Beijing Digital China Cloud Technology Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
15.5%
CVE-2024-8030 CRITICAL PATCH Act Now

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Ultimate Store Kit
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-44915 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44914 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-44913 MEDIUM POC This Month

An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service Exr
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-45046 MEDIUM POC PATCH This Month

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Phpspreadsheet
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45043 MEDIUM POC PATCH This Month

The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8194 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-20286 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20285 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20284 HIGH This Week

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Python Nx Os
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-5546 HIGH This Week

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Pam360 Manageengine Password Manager Pro
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-45346 HIGH This Week

The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-7269 HIGH This Week

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal Details" form in ConnX ESP HR Management allows Stored XSS attack. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Esp Hr Management
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-20446 HIGH This Week

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Cisco Denial Of Service
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-39584 HIGH This Week

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Xps 8960 Firmware Xps 8950 Firmware Inspiron 3502 Firmware +17
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-7745 HIGH This Week

In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ws Ftp Server
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-4556 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.0.4 and before 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Netiq Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-4555 HIGH This Week

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.0.4.1 and before 5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netiq Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20478 HIGH This Week

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Cisco Application Policy Infrastructure Controller
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-6311 HIGH This Week

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload Funnelforms Free
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-39771 MEDIUM This Month

QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Qbic Cloud Cc 2 2L Firmware Safie One Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-45054 MEDIUM PATCH This Month

Hwameistor is an HA local storage system for cloud-native stateful workloads. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Privilege Escalation Information Disclosure Hwameistor
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2024-20413 MEDIUM This Month

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20411 MEDIUM This Month

A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cisco
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-7744 MEDIUM This Month

In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ws Ftp Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-43805 MEDIUM PATCH This Month

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jupyterlab Notebook
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44943 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: gup: stop abusing try_grab_folio A kernel warning was reported when pinning folio in CMA memory when launching SEV virtual. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4554 MEDIUM This Month

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.0.4.1 and 5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netiq Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41565 MEDIUM PATCH This Month

JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Justenoughitems
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41564 MEDIUM This Month

EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-42698 MEDIUM PATCH This Month

Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Roughlyenoughitems
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy