Skip to main content
CVE-2024-8353 CRITICAL POC PATCH THREAT Act Now

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%.

Deserialization PHP RCE WordPress Givewp
NVD
CVSS 3.1
9.8
EPSS
91.9%
Threat
6.2
CVE-2024-9300 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Railway Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Railway Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9296 MEDIUM POC This Month

A vulnerability was found in SourceCodester Advocate Office Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9295 MEDIUM POC This Month

A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9318 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Microsoft Advocate Office Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9317 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9316 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9315 MEDIUM POC This Month

A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Employee And Visitor Gate Pass Logging System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9299 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Railway Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Railway Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9298 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Railway Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9297 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Railway Reservation System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-23958 HIGH This Week

Autel MaxiCharger AC Elite Business C50 BLE Hardcoded Credentials Authentication Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maxicharger Ac Elite Business C50 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23923 HIGH This Week

Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Ilx F509 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-23957 HIGH This Week

Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Maxicharger Ac Elite Business C50 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-23938 HIGH This Week

Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Gecko Os
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-23967 HIGH This Week

Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Maxicharger Ac Elite Business C50 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-23959 HIGH This Week

Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Maxicharger Ac Elite Business C50 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-23935 HIGH This Week

Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow RCE Ilx F509 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-23961 MEDIUM This Month

Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-23924 MEDIUM This Month

Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Ilx F509 Firmware
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-9023 MEDIUM This Month

The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.3 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Webauthn
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-8547 MEDIUM This Month

The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Simple Popup Plugin
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-8712 MEDIUM PATCH This Month

The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Gtm Server Side
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8715 MEDIUM PATCH This Month

The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Simple Ldap Login
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8788 MEDIUM PATCH This Month

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Eu Uk Vat Manager For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9189 MEDIUM PATCH This Month

The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Eu Uk Vat Manager For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-8189 MEDIUM PATCH This Month

The WP MultiTasking - WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpmt_menu_name’ parameter in all versions up to, and including, 0.1.17 due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wp Multitasking
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-23960 MEDIUM This Month

Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack Ilx F509 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy