Skip to main content
CVE-2024-37869 HIGH POC This Week

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Discussion Forum
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37868 HIGH POC This Week

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Discussion Forum
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-41512 HIGH POC This Week

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cadclick
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9515 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-9514 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-9054 HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
15.0%
CVE-2024-46486 HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE Tl Wdr5620 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-43687 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

XSS Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-47769 HIGH POC PATCH This Week

IDURAR is open source ERP CRM accounting invoicing software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Idurar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-6443 MEDIUM POC This Month

In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-7801 MEDIUM POC This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.0 before 2.4.7. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-9513 MEDIUM POC This Month

A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netadmin Iam
NVD VulDB
CVSS 4.0
6.3
EPSS
1.7%
CVE-2024-41516 MEDIUM POC This Month

A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41515 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41514 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-41513 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cadclick
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-46409 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seeddms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47913 MEDIUM POC PATCH This Month

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-9410 MEDIUM POC This Month

Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ada
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-47656 CRITICAL Act Now

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Client Dashboard
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-43685 HIGH This Week

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2.4.7. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-43684 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS CSRF Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-43683 HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Open Redirect Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47790 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-47789 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47655 HIGH This Week

This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Client Dashboard
NVD
CVSS 4.0
8.6
EPSS
0.7%
CVE-2024-6400 HIGH This Week

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Command Injection Finrota
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-47183 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Node.js Parse Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-41511 LOW POC Monitor

A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cadclick
NVD
CVSS 3.1
3.9
EPSS
0.9%
CVE-2024-47652 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Client Dashboard
NVD
CVSS 4.0
7.6
EPSS
0.4%
CVE-2024-46078 HIGH This Week

itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sports Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-38040 HIGH This Week

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47850 HIGH This Week

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-47911 HIGH This Week

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonarqube
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47910 HIGH This Week

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47657 HIGH This Week

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Net Back Office
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47654 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-47653 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-47651 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47764 MEDIUM PATCH This Month

cookie is a basic HTTP cookie parser and serializer for HTTP servers. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-47768 MEDIUM PATCH This Month

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Lif Authentication Server
NVD GitHub
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-47765 MEDIUM PATCH This Month

Minecraft MOTD Parser is a PHP library to parse minecraft server motd. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Minecraft Motd Parser
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-6444 MEDIUM This Month

No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-6442 MEDIUM This Month

In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-8802 MEDIUM This Month

The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Clio Grow
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2024-8148 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38038 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-38037 MEDIUM This Month

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-25691 MEDIUM This Month

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8499 MEDIUM PATCH This Month

The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Checkout Field Editor For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy