Skip to main content
CVE-2024-47532 HIGH POC PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-47178 HIGH POC PATCH This Week

basic-auth-connect is Connect's Basic Auth middleware in its own module. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Basic Auth Connect
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-46510 HIGH POC This Week

ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the NavigationAjax interface. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-6394 HIGH POC This Week

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Lollms Web Ui
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2024-8379 HIGH POC This Week

The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Cost Calculator Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-9329 MEDIUM POC PATCH This Month

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glassfish
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-46540 MEDIUM POC This Month

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-47530 MEDIUM POC PATCH This Month

Scout is a web-based visualizer for VCF-files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Scout
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-42017 CRITICAL Act Now

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-46293 CRITICAL Act Now

Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Online Medicine Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-8456 CRITICAL Act Now

Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-8450 CRITICAL Act Now

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-45920 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in Solvait 24.4.2 allows remote attackers to inject malicious scripts into the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solvait
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8536 MEDIUM POC This Month

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Blocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8239 MEDIUM POC This Month

The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Starbox
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-47067 MEDIUM POC PATCH This Month

AList is a file list program that supports multiple storages. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Alist
NVD GitHub
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-28812 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hit 7300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-28809 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-47536 MEDIUM POC PATCH This Month

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Citizen
NVD GitHub
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-46280 HIGH This Week

PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8458 HIGH This Week

Certain switch models from PLANET Technology have a web application that is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-8448 HIGH This Week

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interface, allowing remote attackers with regular privilege to log in with this credential and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8283 MEDIUM POC This Month

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-3635 MEDIUM POC This Month

The Post Grid WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS The Post Grid
NVD WPScan
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9194 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection.1.0 before. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Octopus Server
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-28813 HIGH This Week

An issue was discovered in Infinera hiT 7300 5.60.50. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Hit 7300 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-46313 HIGH This Week

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Wr941Nd Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-45772 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.4.0 before 9.12.0. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Apache Java Lucene Replicator
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-7675 HIGH This Week

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7674 HIGH This Week

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7673 HIGH This Week

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7672 HIGH This Week

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7671 HIGH This Week

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7670 HIGH This Week

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-46549 HIGH This Week

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-46511 HIGH This Week

LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which allows a remote attacker to execute arbitrary code via the LogicLoadEc2DeployLambda and. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47531 LOW POC PATCH Monitor

Scout is a web-based visualizer for VCF-files. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Scout
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2024-8454 HIGH This Week

The swctrl service is used to detect and remotely manage PLANET Technology devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-8452 HIGH This Week

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-8451 HIGH This Week

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-41999 MEDIUM This Month

Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-8449 MEDIUM This Month

Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-28810 MEDIUM This Month

An issue was discovered in Infinera hiT 7300 5.60.50. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-45993 MEDIUM This Month

Giflib Project v5.2.2 is vulnerable to a heap buffer overflow via gif2rgb. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Giflib
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-47641 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Muhammad Shakeel Confetti Fall Animation confetti-fall-animation allows Stored XSS.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-28807 MEDIUM This Month

An issue was discovered in Infinera hiT 7300 5.60.50. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46548 MEDIUM This Month

TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-47064 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
6.3
EPSS
0.3%
CVE-2024-45200 MEDIUM This Month

In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Code Injection RCE Buffer Overflow
NVD GitHub
CVSS 3.1
6.3
EPSS
1.4%
CVE-2024-47063 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Computer Vision Annotation Tool
NVD GitHub
CVSS 4.0
6.2
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy