Skip to main content
CVE-2024-46640 CRITICAL POC Act Now

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Seacms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-46103 CRITICAL POC Act Now

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-46652 CRITICAL POC Act Now

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Memory Corruption Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47062 CRITICAL POC PATCH Act Now

Navidrome is an open source web-based music collection server and streamer. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Navidrome
NVD GitHub
CVSS 4.0
9.4
EPSS
4.5%
CVE-2024-46649 HIGH POC This Week

eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-46648 HIGH POC This Week

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-46645 HIGH POC This Week

eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-45810 HIGH POC This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-9039 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9037 MEDIUM POC This Month

A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Internal Marks Calculation
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9035 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9034 MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patient Record Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-46647 MEDIUM POC This Month

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-46646 MEDIUM POC This Month

eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-46644 MEDIUM POC This Month

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Enms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-42697 MEDIUM POC This Month

Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-46101 CRITICAL Act Now

GDidees CMS <= v3.9.1 has a file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Gdidees Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45489 CRITICAL Act Now

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-9043 CRITICAL Act Now

Secure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Secure Email Gateway
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-8853 CRITICAL PATCH Act Now

The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Webo Facto
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9041 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9038 MEDIUM POC This Month

A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-9036 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Bookstore 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Book Store Project
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9033 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9032 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Simple Forum Discussion System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-9030 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Crmgo Saas
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9011 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9009 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Quiz Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-42351 CRITICAL PATCH Act Now

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Galaxy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-46654 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Maccms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-47061 HIGH PATCH This Week

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2024-41721 HIGH This Week

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure RCE
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-47000 HIGH PATCH This Week

Zitadel is an open source identity management platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45809 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45807 HIGH This Week

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45229 MEDIUM This Month

The Versa Director offers REST APIs for orchestration and management. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2024-47060 MEDIUM PATCH This Month

Zitadel is an open source identity management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Authentication Bypass Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-46999 MEDIUM PATCH This Month

Zitadel is an open source identity management platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-45808 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45806 MEDIUM This Month

Envoy is a cloud-native high-performance edge/middle/service proxy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-42346 MEDIUM PATCH This Month

Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Galaxy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-9031 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Crmgo Saas
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-45793 MEDIUM PATCH This Month

Confidant is a open source secret management service that provides user-friendly storage and access to secrets. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37879 MEDIUM This Month

Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9040 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Blood Bank Management System
NVD VulDB
CVSS 4.0
4.6
EPSS
0.2%
CVE-2024-8612 LOW Monitor

A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy