Skip to main content
CVE-2024-44430 CRITICAL POC Act Now

SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Microsoft Best Free Law Office Management
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46049 CRITICAL POC Act Now

Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption O6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46048 CRITICAL POC THREAT Act Now

Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Fh451 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
10.5%
CVE-2024-46046 CRITICAL POC Act Now

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh451 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46045 CRITICAL POC Act Now

Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ch22 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-46044 CRITICAL POC Act Now

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ch22 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-6862 HIGH POC PATCH This Week

A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-6587 HIGH POC PATCH THREAT MAL This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Authentication Bypass Litellm
NVD GitHub
CVSS 3.1
7.5
EPSS
37.2%
CVE-2024-46047 HIGH POC This Week

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Fh451 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-38816 HIGH POC PATCH THREAT This Week

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Path Traversal Java
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2024-7129 HIGH POC This Week

The Appointment Booking Calendar WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection which further exploited can result to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Simply Schedule Appointments
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-7863 MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF PHP Favicon Generator
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-6259 MEDIUM POC This Month

BT: HCI: adv_ext_report Improper discarding in adv_ext_report. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-6137 MEDIUM POC This Month

BT: Classic: SDP OOB access in get_att_search_list. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-6135 MEDIUM POC This Month

BT:Classic: Multiple missing buf length checks. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5931 MEDIUM POC This Month

BT: Unchecked user input in bap_broadcast_assistant. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6258 MEDIUM POC This Month

BT: Missing length checks of net_buf in rfcomm_handle_data. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5754 MEDIUM POC This Month

BT: Encryption procedure host vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6867 MEDIUM POC PATCH This Month

{run_id}/related` endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-6087 MEDIUM POC PATCH This Month

An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-7864 MEDIUM POC This Month

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Favicon Generator
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-41874 CRITICAL Act Now

ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
30.3%
CVE-2024-8783 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Myaac
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8782 MEDIUM POC This Month

A vulnerability was found in JFinalCMS up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jfinalcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-8762 MEDIUM POC This Month

A vulnerability was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-6656 HIGH This Week

Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cockpit
NVD VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2024-44798 MEDIUM POC This Month

phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bus Pass Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8242 HIGH PATCH This Week

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress PHP RCE Apple +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-7423 HIGH PATCH This Week

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Privilege Escalation WordPress CSRF Stream
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-7133 MEDIUM POC This Month

The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Bar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-6850 MEDIUM POC This Month

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Carousel Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6617 MEDIUM POC This Month

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Header Footer Custom Code
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-6493 MEDIUM POC This Month

The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Header Footer Custom Code
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-45368 HIGH This Week

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-43099 HIGH This Week

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-6723 MEDIUM POC This Month

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ai Engine
NVD WPScan
CVSS 3.1
4.7
EPSS
0.4%
CVE-2024-6582 MEDIUM POC PATCH This Month

A broken access control vulnerability exists in the latest version of lunary-ai/lunary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-31415 HIGH This Week

The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreseer Electrical Power Monitoring System
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-46683 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Gitlab Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44095 HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44094 HIGH This Week

In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44093 HIGH This Week

In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44092 HIGH This Week

There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-29779 HIGH This Week

there is a possible escalation of privilege due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-42025 HIGH This Week

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ubiquiti Unifi Network Application
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-46713 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45109 HIGH This Week

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-45108 HIGH This Week

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43760 HIGH This Week

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-43756 HIGH This Week

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy