Skip to main content
CVE-2024-7856 HIGH PATCH Act Now

The MP3 Audio Player - Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 77.0%.

Authentication Bypass RCE WordPress PHP Mp3 Audio Player For Music Radio Podcast
NVD
CVSS 3.1
8.1
EPSS
77.0%
CVE-2024-6671 CRITICAL POC THREAT Act Now

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Whatsup Gold
NVD
CVSS 3.1
9.8
EPSS
14.9%
CVE-2024-6670 CRITICAL POC KEV THREAT Act Now

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Whatsup Gold
NVD GitHub
CVSS 3.1
9.8
EPSS
94.7%
CVE-2024-41372 CRITICAL POC Act Now

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Organizr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41370 CRITICAL POC Act Now

Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Organizr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41369 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41368 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41367 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41366 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41364 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-41361 CRITICAL POC Act Now

RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Phoniebox
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-43965 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Sendgrid
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-43917 CRITICAL POC THREAT Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ti Woocommerce Wishlist
NVD GitHub
CVSS 3.1
9.8
EPSS
21.8%
CVE-2024-43144 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.2.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cost Calculator Builder
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-5057 CRITICAL POC Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-45435 CRITICAL POC Act Now

Chartist 1.x through 1.3.0 allows Prototype Pollution via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Chartist
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43804 HIGH POC This Week

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Apache Command Injection Nginx Roxy Wi
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2024-35133 HIGH POC This Week

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

IBM Open Redirect Security Verify Access Security Verify Access Docker
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
1.6%
CVE-2024-45302 HIGH POC PATCH This Week

RestSharp is a Simple REST and HTTP API Client for .NET. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Restsharp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8301 MEDIUM POC This Month

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Dingfanzu
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-43955 CRITICAL Act Now

Unauthenticated path traversal in Themeum's Droip WordPress plugin (versions prior to 2.5.2) lets remote attackers read sensitive files outside the intended directory and trigger availability impact with scope change to the underlying WordPress host. CVSS rates this 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H), and while no public exploit is identified at time of analysis, the EPSS of 1.13% (78th percentile) signals meaningfully elevated exploitation interest relative to the broader CVE population.

Path Traversal
NVD
CVSS 3.1
10.0
EPSS
1.1%
CVE-2024-41349 MEDIUM POC This Month

unmark 1.9.2 is vulnerable to Cross Site Scripting (XSS) via application/views/marks/add_by_url.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Unmark
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41371 MEDIUM POC This Month

Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Organizr
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41358 MEDIUM POC This Month

phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\import-export\import-load-data.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2024-41351 MEDIUM POC This Month

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bjyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41350 MEDIUM POC This Month

bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bjyadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-41348 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-41347 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-43941 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Propovoice Propovoice Pro allows SQL Injection.7.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Propovoice
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43931 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Jobsearch Wp Job Board
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43922 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Nitropack
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43918 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WBW Product Table PRO allows SQL Injection.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Product Table
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-43132 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Docket
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-39653 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vikrentcar
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29731 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29730 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29729 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29728 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29727 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29726 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29725 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-29724 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-29723 CRITICAL Act Now

SQL injection vulnerabilities in SportsNET affecting version 4.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sportsnet
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45233 CRITICAL PATCH Act Now

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powermail
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-44779 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-44778 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-44777 CRITICAL Act Now

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Vtiger Crm
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-8250 MEDIUM POC This Month

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-38795 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.9.4. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.6%
CVE-2024-41346 MEDIUM POC This Month

openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openflights
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy