Skip to main content
CVE-2024-46256 CRITICAL POC PATCH Act Now

A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Nginx Proxy Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-6983 HIGH POC PATCH This Week

mudler/localai version 2.17.1 is vulnerable to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection RCE Localai
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2024-46472 HIGH POC This Week

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership Management System
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-46097 HIGH POC This Week

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Testlink
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-46471 HIGH POC This Week

The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Membership Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-44910 HIGH POC This Week

NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Cryptolib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-9029 HIGH POC This Week

A flaw was found in the freeimage library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Freeimage
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-7714 HIGH POC This Week

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Chatgpt Assistant
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-40509 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40512 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-40511 HIGH POC This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2024-46331 HIGH POC This Week

ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Mostartcms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-9282 MEDIUM POC This Month

A vulnerability was found in bg5sbk MiniCMS 1.11. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minicms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-9281 MEDIUM POC This Month

A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minicms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46257 MEDIUM POC PATCH This Month

A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Command Injection RCE Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
6.3
EPSS
1.3%
CVE-2024-46453 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Iq3Xcite Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25412 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatpress
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-25411 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Flatpress
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2024-46470 MEDIUM POC This Month

Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Membership Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8310 CRITICAL Act Now

OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-46367 CRITICAL Act Now

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Krayin Crm
NVD GitHub
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-8643 CRITICAL Act Now

Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2024-8644 CRITICAL Act Now

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).0.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-9293 MEDIUM POC This Month

A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Yyladmin
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9291 MEDIUM POC This Month

A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kvf Admin
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-8630 CRITICAL Act Now

Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sibylla Firmware
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-6981 CRITICAL Act Now

OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-3373 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection.2. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2024-22170 CRITICAL Act Now

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.29.102. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow
NVD
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-9279 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mee Admin
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9277 MEDIUM POC This Month

A vulnerability classified as problematic was found in Langflow up to 1.0.18. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Langflow
NVD VulDB
CVSS 4.0
5.1
EPSS
1.0%
CVE-2024-47070 CRITICAL PATCH Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-8609 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Valeapp
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2024-33369 HIGH This Week

Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Rpshare
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-33368 HIGH This Week

An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Rpshare
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-46366 HIGH This Week

A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ssti Krayin Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46333 MEDIUM POC This Month

An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7149 HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-47184 MEDIUM POC PATCH This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ampache
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-46441 HIGH This Week

An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-8922 HIGH PATCH This Week

The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Product Enquiry For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-8607 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.0.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Valeapp
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-6436 HIGH This Week

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Sequencemanager
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-9301 HIGH This Week

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal E2Nest
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-38308 HIGH This Week

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Adam 5550 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-39275 HIGH This Week

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adam 5630 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2024-28948 HIGH This Week

Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Adam 5630 Firmware
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-7400 HIGH This Week

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Eset Information Disclosure Microsoft
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-40510 HIGH This Week

Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Openpetra
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2024-46859 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy