Skip to main content
CVE-2024-45622 CRITICAL POC THREAT Act Now

ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
36.3%
CVE-2024-45388 HIGH POC PATCH THREAT This Week

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Hoverfly
NVD GitHub
CVSS 3.1
7.5
EPSS
55.9%
CVE-2024-42471 HIGH POC PATCH This Week

actions/artifact is the GitHub ToolKit for developing GitHub Actions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Actions Artifact Actions Toolkit
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-45308 MEDIUM POC PATCH This Month

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Hedgedoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-43792 MEDIUM POC This Month

Halo is an open source website building tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Halo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7692 MEDIUM POC This Month

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flaming Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-7691 MEDIUM POC This Month

The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flaming Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-7354 MEDIUM POC This Month

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-45527 MEDIUM POC This Month

REDCap 14.7.0 allows HTML injection via the project title of a New Project action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Redcap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45623 CRITICAL Act Now

D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Buffer Overflow PHP Code Injection Apache +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-45522 CRITICAL PATCH Act Now

Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Linen
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45528 MEDIUM POC This Month

CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6919 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nacpremium
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-43773 CRITICAL Act Now

SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43772 CRITICAL Act Now

SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-6921 HIGH This Week

Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nacpremium
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-7871 HIGH This Week

SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43776 HIGH This Week

SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43775 HIGH This Week

SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-43774 HIGH This Week

SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easytest Online Test Platform
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-33035 HIGH This Week

Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Qam8255p Firmware Qam8620p Firmware Qam8650p Firmware +86
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-23365 HIGH This Week

Memory corruption while releasing shared resources in MinkSocket listener thread. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Qamsrv1m Firmware Qca6574 Firmware +45
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-1621 HIGH This Week

The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Uniflow Online Uniflow Online Print Scan Uniflow Smartclient
NVD
CVSS 4.0
8.3
EPSS
0.4%
CVE-2024-43797 MEDIUM POC This Month

audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Audiobookshelf
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-7690 MEDIUM POC This Month

The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Dn Popup
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-23359 HIGH This Week

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qcn9024 Firmware Qcs4490 Firmware Qcs5430 Firmware +156
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-38402 HIGH PATCH This Week

Memory corruption while processing IOCTL call for getting group info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38401 HIGH PATCH This Week

Memory corruption while processing concurrent IOCTL calls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware C V2x 9150 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33060 HIGH PATCH This Week

Memory corruption when two threads try to map and unmap a single node simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption 315 5g Iot Firmware Aqt1000 Firmware +241
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-33054 HIGH PATCH This Week

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm5430 Firmware +28
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33052 HIGH PATCH This Week

Memory corruption when user provides data for FM HCI command control operations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +193
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33047 HIGH This Week

Memory corruption when the captureRead QDCM command is invoked from user-space. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm5430 Firmware +20
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33045 HIGH PATCH This Week

Memory corruption when BTFM client sends new messages over Slimbus to ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Fastconnect 6200 Firmware +171
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33042 HIGH PATCH This Week

Memory corruption when Alternative Frequency offset value is set to 255. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apq8017 Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +192
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-33038 HIGH PATCH This Week

Memory corruption while passing untrusted/corrupted pointers from DSP to EVA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qcm4490 Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41160 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-41157 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-39816 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-38386 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45311 HIGH PATCH This Week

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quinn
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-5148 HIGH This Week

A flaw was found in the gnome-remote-desktop package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-33057 HIGH PATCH This Week

Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +166
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33051 HIGH This Week

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Firmware 9206 Lte Firmware Apq8017 Firmware Aqt1000 Firmware +278
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33050 HIGH PATCH This Week

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csra6620 Firmware +248
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-33048 HIGH PATCH This Week

Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +183
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23364 HIGH This Week

Transient DOS when processing the non-transmitted BSSID profile sub-elements present within the MBSSID Information Element (IE) of a beacon frame that is received from over-the-air (OTA). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +173
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23358 HIGH This Week

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware Ar8035 Firmware Fastconnect 7800 Firmware +49
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39775 HIGH This Week

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20089 HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-23362 HIGH This Week

Cryptographic issue while parsing RSA keys in COBR format. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 9205 Lte Modem Firmware Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +226
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy