Skip to main content
CVE-2024-37869 HIGH POC This Week

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Discussion Forum
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-37868 HIGH POC This Week

File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Discussion Forum
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-41512 HIGH POC This Week

A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cadclick
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9515 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.4%
CVE-2024-9514 HIGH POC This Week

A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-9054 HIGH POC THREAT This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
15.0%
CVE-2024-46486 HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE Tl Wdr5620 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-43687 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

XSS Timeprovider 4100 Firmware
NVD Exploit-DB
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-47769 HIGH POC PATCH This Week

IDURAR is open source ERP CRM accounting invoicing software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Idurar
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-43685 HIGH This Week

Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.0 before 2.4.7. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-43684 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS CSRF Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-43683 HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Open Redirect Timeprovider 4100 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2024-47790 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-47789 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-47655 HIGH This Week

This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Client Dashboard
NVD
CVSS 4.0
8.6
EPSS
0.7%
CVE-2024-6400 HIGH This Week

Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Command Injection Finrota
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2024-47183 HIGH PATCH This Week

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Node.js Parse Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-47652 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Client Dashboard
NVD
CVSS 4.0
7.6
EPSS
0.4%
CVE-2024-46078 HIGH This Week

itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Sports Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-38040 HIGH This Week

There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Portal For Arcgis
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47850 HIGH This Week

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-47911 HIGH This Week

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonarqube
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47910 HIGH This Week

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-47657 HIGH This Week

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Net Back Office
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2024-47654 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-47653 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-47651 HIGH This Week

This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Client Dashboard
NVD
CVSS 4.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy