Skip to main content
CVE-2024-8517 CRITICAL POC THREAT Emergency

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection File Upload Spip
NVD
CVSS 3.1
9.8
EPSS
94.6%
CVE-2024-45771 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44839 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44838 CRITICAL POC Act Now

RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Rapidcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-44402 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-44401 CRITICAL POC Act Now

D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8100G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2024-45758 CRITICAL POC Act Now

H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization H2O
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2024-44845 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-44844 HIGH POC This Week

DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-44739 HIGH POC This Week

Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Forum Website
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-44408 HIGH POC This Week

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Information Disclosure Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-45299 MEDIUM POC PATCH This Month

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-6445 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.0.0 before v3.1.7. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Datadiodex
NVD VulDB
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-7493 CRITICAL Act Now

The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Wpcom Member
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-45300 MEDIUM POC PATCH This Month

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Race Condition Alf
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-8292 CRITICAL PATCH Act Now

The WP-Recall - Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Wp Recall
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-44837 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Drug
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-1744 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.3.2.1. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Accord Ors
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2024-8428 HIGH This Week

The ForumWP - Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Forumwp
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21898 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-38486 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-8480 HIGH PATCH This Week

The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass RCE WordPress Sirv
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-8247 HIGH PATCH This Week

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Newsletters
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-45294 HIGH PATCH This Week

The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
1.0%
CVE-2024-39585 HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dell Smartfabric Os10
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-7652 HIGH This Week

An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Buffer Overflow Denial Of Service Mozilla Firefox +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-8509 HIGH This Week

A vulnerability was found in Forklift Controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-6792 LOW POC Monitor

The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Ulike
NVD WPScan
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-38641 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 4.0
7.3
EPSS
0.5%
CVE-2024-7349 HIGH PATCH This Week

The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Lifterlms
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38640 HIGH This Week

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Download Station
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-8394 MEDIUM This Month

When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21904 MEDIUM This Month

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Qnap Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-7611 MEDIUM This Month

The Enter Addons - Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Enter Addons
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-45039 MEDIUM PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnark Crypto
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-32762 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qulog Center
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-45400 MEDIUM PATCH This Month

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Open Link
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45405 MEDIUM PATCH This Month

`gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Rated medium severity (CVSS 6.0). No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-45040 MEDIUM PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gnark Crypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2024-45751 MEDIUM This Month

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-27126 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Notes Station 3
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-27122 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Notes Station 3
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-21897 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qnap Qts Quts Hero
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7599 MEDIUM PATCH This Month

The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Advanced Sermons
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8317 MEDIUM PATCH This Month

The WP AdCenter - Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Adcenter
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32763 MEDIUM This Month

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-25584 MEDIUM This Month

Dovecot accepts dot LF DOT LF symbol as end of DATA command. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-7415 MEDIUM PATCH This Month

The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure PHP Remember Me Controls
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40865 MEDIUM This Month

The issue was addressed by suspending Persona when the virtual keyboard is active. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Visionos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-27125 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Helpdesk
NVD
CVSS 3.1
4.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy