Skip to main content
CVE-2024-44411 CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE D-Link Di 8300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2024-44410 CRITICAL POC Act Now

D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-44849 CRITICAL POC THREAT Act Now

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Qualitor
NVD GitHub
CVSS 3.1
9.8
EPSS
46.3%
CVE-2024-44721 CRITICAL POC Act Now

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-40643 CRITICAL POC PATCH Act Now

Joplin is a free, open source note taking and to-do application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Joplin
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-44720 HIGH POC This Week

SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44375 HIGH POC This Week

D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8100 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-44725 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-44724 HIGH POC This Week

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Autocms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-8605 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Inventory Management
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-44902 CRITICAL Act Now

A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Thinkphp
NVD GitHub
CVSS 3.1
9.8
EPSS
4.3%
CVE-2024-7688 MEDIUM POC This Month

The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Azindex
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-42759 MEDIUM POC This Month

An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ellevo
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-44085 MEDIUM POC This Month

ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onlyoffice
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-6795 CRITICAL Act Now

In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Connex Health Portal
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8584 CRITICAL Act Now

Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-8611 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-8610 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-42500 CRITICAL Act Now

HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Denial Of Service
NVD
CVSS 3.1
9.3
EPSS
0.4%
CVE-2024-6796 CRITICAL Act Now

In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Connex Health Portal
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-44335 HIGH This Week

D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-44334 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
31.8%
CVE-2024-45406 MEDIUM POC PATCH This Month

Craft is a content management system (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-44333 HIGH This Week

D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-45041 HIGH PATCH This Week

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes External Secrets Operator
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37288 HIGH This Week

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Elastic Kibana
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-7918 MEDIUM POC This Month

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pocket Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6910 MEDIUM POC This Month

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventon
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-5561 MEDIUM POC This Month

The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Maker
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-8601 HIGH This Week

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Back Office Software
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-45411 HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Twig
NVD GitHub
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-8373 MEDIUM POC This Month

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Angularjs Active Iq Unified Manager
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-8372 MEDIUM POC This Month

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Angularjs Active Iq Unified Manager
NVD HeroDevs
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-7689 MEDIUM POC This Month

The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Snapshot Backup
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-7687 MEDIUM POC This Month

The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Azindex
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-27387 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 1080 Firmware Exynos 1280 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27383 HIGH This Week

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-45296 HIGH PATCH This Week

path-to-regexp turns path strings into a regular expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-7015 HIGH This Week

Missing Authentication for Critical Function vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Passbox
NVD VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2024-8604 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Online Food Ordering System
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-8585 MEDIUM This Month

Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-6572 MEDIUM This Month

Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-7260 MEDIUM PATCH This Month

An open redirect vulnerability was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Build Of Keycloak Keycloak
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-24510 MEDIUM PATCH This Month

Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Sogo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-45625 MEDIUM PATCH This Month

Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Forminator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8586 MEDIUM This Month

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Webitr
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-27365 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27368 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27367 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27366 MEDIUM This Month

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy