Skip to main content
CVE-2024-9796 CRITICAL POC Act Now

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Advanced Search
NVD WPScan
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-9487 CRITICAL POC THREAT Act Now

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jwt Attack Denial Of Service Enterprise Server
NVD GitHub
CVSS 4.0
9.5
EPSS
22.4%
CVE-2024-9786 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.6%
CVE-2024-9785 HIGH POC This Week

A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.5%
CVE-2024-9784 HIGH POC This Week

A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-9783 HIGH POC This Week

A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-9782 HIGH POC This Week

A vulnerability was found in D-Link DIR-619L B1 2.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-9022 HIGH POC This Week

SQL injection in the TS Poll WordPress plugin (versions up to and including 2.4.0) allows authenticated attackers with Administrator-level access to append arbitrary SQL queries via the 'orderby' parameter, enabling extraction of sensitive database contents. Publicly available exploit code exists, though the high-privilege requirement (PR:H) limits practical impact, and EPSS sits at 2.11% (84th percentile) indicating modest but non-trivial exploitation interest. No public exploit identified as actively used in the wild - not listed in CISA KEV.

SQLi WordPress Ts Poll
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2024-9156 HIGH POC This Week

The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Ti Woocommerce Wishlist
NVD WPScan
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-9818 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Veterinary Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9814 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9813 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9812 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Crud Operation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9811 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Restaurant Reservation System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-9797 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-9312 MEDIUM POC PATCH This Month

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Information Disclosure Authd
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-47868 MEDIUM POC PATCH This Month

Gradio is an open-source Python package designed for quick prototyping. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2024-47636 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9201 CRITICAL Act Now

The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Seur
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-45115 CRITICAL Act Now

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9518 CRITICAL Act Now

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Userplus
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9780 MEDIUM POC This Month

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-7049 MEDIUM POC This Month

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-7048 MEDIUM POC This Month

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Webui
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9817 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9810 MEDIUM POC This Month

A vulnerability was found in SourceCodester Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9809 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9808 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9806 MEDIUM POC This Month

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classroombookings
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9805 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9803 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9799 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Profile Registration Without Reload Refresh
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-9794 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9793 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
21.5%
CVE-2024-9816 MEDIUM POC This Month

A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourist Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-9815 MEDIUM POC This Month

A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourist Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-9807 MEDIUM POC This Month

A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Classroombookings
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9804 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9790 MEDIUM POC This Month

A vulnerability was found in LyLme_spage 1.9.5. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9789 MEDIUM POC This Month

A vulnerability was found in LyLme_spage 1.9.5 and classified as critical.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9788 MEDIUM POC This Month

A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Lylme Spage
NVD VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-48949 CRITICAL PATCH Act Now

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Jwt Attack Information Disclosure Elliptic
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-45148 HIGH This Week

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9522 HIGH This Week

The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Users Masquerade
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47966 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-47965 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-47964 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-47963 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2024-47962 HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
CVSS 4.0
8.4
EPSS
3.4%
CVE-2024-47871 HIGH PATCH This Week

Gradio is an open-source Python package designed for quick prototyping. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Gradio
NVD GitHub
CVSS 4.0
8.2
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy