Skip to main content
CVE-2024-44727 CRITICAL POC Act Now

Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Event Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8395 CRITICAL POC Act Now

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flycass
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-24759 CRITICAL POC PATCH Act Now

MindsDB is a platform for building artificial intelligence from enterprise data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Denial Of Service Mindsdb
NVD GitHub
CVSS 3.1
9.1
EPSS
4.9%
CVE-2024-42885 CRITICAL POC Act Now

SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Cdg
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-45175 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-45171 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-45173 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation C Mor Video Surveillance
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-44587 HIGH POC This Week

itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-7591 HIGH POC PATCH THREAT This Week

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Command Injection Loadmaster Multi Tenant Hypervisor Firmware
NVD
CVSS 3.1
7.2
EPSS
44.1%
CVE-2024-45178 HIGH POC This Week

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal C Mor Video Surveillance
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2024-8461 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dns 320 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.9%
CVE-2024-8460 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dns 320 Firmware
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
2.1%
CVE-2024-44728 MEDIUM POC This Month

Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Event Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45176 MEDIUM POC This Month

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS C Mor Video Surveillance
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-43102 CRITICAL Act Now

Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Freebsd
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-45589 MEDIUM POC This Month

RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Rapididentity
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-6846 MEDIUM POC This Month

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Chatbot With Chatgpt
NVD WPScan
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-8463 HIGH This Week

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Job Portal
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8178 HIGH This Week

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-45063 HIGH This Week

The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-43110 HIGH This Week

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-42416 HIGH This Week

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Freebsd
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45288 HIGH This Week

A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-41928 HIGH This Week

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-32668 HIGH This Week

An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Freebsd
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-45098 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7627 HIGH PATCH This Week

The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE File Manager
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2024-8470 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8469 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8468 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8467 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8466 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8465 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-8464 HIGH This Week

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Job Portal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7884 HIGH PATCH This Week

When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Canister Developer Kit For The Internet Computer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-5957 HIGH This Week

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intrusion Prevention System Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45287 HIGH This Week

A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freebsd
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42495 HIGH This Week

Credentials to access device configuration were transmitted using an unencrypted protocol. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fusion
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-45401 HIGH PATCH This Week

stripe-cli is a command-line tool for the payment processor Stripe. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Stripe Cli
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-45097 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-6332 MEDIUM This Month

The Booking for Appointments and Events Calendar - Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google WordPress Authentication Bypass Amelia
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-45096 MEDIUM This Month

IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6894 MEDIUM This Month

The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Rd Station
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-8462 MEDIUM This Month

A vulnerability was found in Windmill 1.380.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.5%
CVE-2024-8473 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Job Portal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8472 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Job Portal
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8471 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Job Portal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-8445 MEDIUM This Month

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-45107 MEDIUM This Month

Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service Memory Corruption Acrobat +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5309 MEDIUM PATCH This Month

The Form Vibes - Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Form Vibes
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy