Skip to main content
CVE-2024-20439 CRITICAL POC KEV THREAT Act Now

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Smart License Utility
NVD
CVSS 3.1
9.8
EPSS
91.9%
CVE-2024-44400 CRITICAL POC THREAT Act Now

A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Di 8400 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
14.1%
CVE-2024-45507 CRITICAL POC PATCH THREAT Act Now

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.12.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Code Injection Apache RCE Ofbiz
NVD
CVSS 3.1
9.8
EPSS
93.2%
CVE-2024-6926 CRITICAL POC Act Now

The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Viral Signup
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2024-44817 HIGH POC This Week

SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45174 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi C Mor Video Surveillance
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2024-45170 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C Mor Video Surveillance
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-44859 HIGH POC This Week

Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Fh1201 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-20440 HIGH POC THREAT This Week

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Smart License Utility
NVD
CVSS 3.1
7.5
EPSS
51.5%
CVE-2024-45195 HIGH POC KEV THREAT This Week

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.12.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Ofbiz
NVD
CVSS 3.1
7.5
EPSS
100.0%
CVE-2024-45053 HIGH POC PATCH This Week

Fides is an open-source privacy engineering platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Ssti Fides
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-8414 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Insurance Management System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-42642 MEDIUM POC This Month

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mx500 Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2024-45172 MEDIUM POC This Month

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF C Mor Video Surveillance
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-44383 MEDIUM POC This Month

WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fbm 291W Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.5%
CVE-2024-44820 MEDIUM POC This Month

A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Information Disclosure Zzcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-44819 MEDIUM POC This Month

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-6020 MEDIUM POC This Month

The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sign Up Sheets
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-45076 CRITICAL Act Now

IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files which could be executed on the underlying operating system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Webmethods Integration
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-44808 CRITICAL Act Now

An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-7923 CRITICAL Act Now

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Satellite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-7012 CRITICAL Act Now

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Satellite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-8289 CRITICAL Act Now

The MultiVendorX - The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation Multivendorx
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-34657 CRITICAL Act Now

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Memory Corruption Notes
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-7950 CRITICAL PATCH Act Now

The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-45177 MEDIUM POC This Month

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS C Mor Video Surveillance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-44818 MEDIUM POC This Month

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zzcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7076 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Semtek Sempos
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-8416 MEDIUM POC This Month

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8415 MEDIUM POC This Month

A vulnerability was found in SourceCodester Food Ordering Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Food Ordering Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-8412 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect Shakal Ng
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-45052 MEDIUM POC PATCH This Month

Fides is an open-source privacy engineering platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Fides
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-44821 MEDIUM POC This Month

ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Zzcms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-8408 MEDIUM POC This Month

A vulnerability was found in Linksys WRT54G 4.21.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Linksys Wrt54G Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-8407 MEDIUM POC This Month

A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Akademy
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-7786 MEDIUM POC This Month

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Sensei Lms
NVD WPScan
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-7078 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Semtek Sempos
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
CVE-2024-45443 CRITICAL Act Now

Directory traversal vulnerability in the cust module Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-45075 HIGH This Week

IBM webMethods Integration 10.15 could allow an authenticated user to create scheduler tasks that would allow them to escalate their privileges to administrator due to missing authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Webmethods Integration
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43402 HIGH PATCH This Week

Rust is a programming language. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Microsoft Rust
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-8102 HIGH PATCH This Week

The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Privilege Escalation Wp Extended
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6889 MEDIUM POC This Month

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Secure Copy Content Protection And Content Locking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6888 MEDIUM POC This Month

The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Secure Copy Content Protection And Content Locking
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6722 MEDIUM POC This Month

The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chatbot Support Ai
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-41716 HIGH This Week

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Windldr Windo I Nv4
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-44987 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Google Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44986 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux Use After Free Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44977 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44974 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux Use After Free Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44998 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy