Skip to main content
CVE-2024-42640 CRITICAL POC PATCH THREAT Act Now

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
43.7%
CVE-2024-9707 CRITICAL POC PATCH Act Now

The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass RCE WordPress Hunk Companion
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2024-9234 CRITICAL POC THREAT Act Now

The GutenKit - Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2024-48827 HIGH POC This Week

An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Watcharr
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-46468 HIGH POC This Week

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Jpress
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-35522 HIGH POC This Week

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear Ex3700 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-48987 MEDIUM POC PATCH This Month

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Snipe It
NVD GitHub
CVSS 3.1
6.6
EPSS
1.0%
CVE-2024-47875 MEDIUM POC PATCH This Month

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dompurify
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-46532 CRITICAL Act Now

SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-46088 CRITICAL Act Now

An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48784 CRITICAL Act Now

An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48033 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-8755 CRITICAL Act Now

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Loadmaster
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-47830 MEDIUM POC PATCH This Month

Plane is an open-source project management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plane
NVD GitHub
CVSS 3.1
5.8
EPSS
0.6%
CVE-2024-45402 CRITICAL PATCH Act Now

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Picotls
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-21534 CRITICAL PATCH Act Now

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2024-9822 CRITICAL Act Now

The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Pedalo Connector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-47331 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection.7.7. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-47074 CRITICAL PATCH Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Java PostgreSQL Dataease
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-48772 CRITICAL Act Now

An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48778 CRITICAL Act Now

An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48769 CRITICAL Act Now

An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48787 CRITICAL Act Now

An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48786 CRITICAL Act Now

An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-44730 CRITICAL Act Now

Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-9856 MEDIUM POC This Month

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 07flycms Customer Relationship Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-9855 MEDIUM POC This Month

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 07flycms Customer Relationship Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-8912 HIGH This Week

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Request Smuggling Google Cloud Looker
NVD
CVSS 4.0
8.9
EPSS
0.2%
CVE-2024-9859 HIGH This Week

Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Google Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-44414 HIGH This Week

A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical.htm file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Command Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-44413 HIGH This Week

A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical.asp file. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-48813 HIGH This Week

SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-9164 HIGH This Week

An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-8970 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-47504 HIGH This Week

An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47502 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47499 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-47497 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-39547 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Containerized Routing Protocol Daemon
NVD
CVSS 4.0
8.7
EPSS
0.9%
CVE-2024-48040 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection.21.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-48020 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection.22.21. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-6985 MEDIUM POC PATCH This Month

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Lollms
NVD GitHub
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-47495 HIGH This Week

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-6971 MEDIUM POC This Month

A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lollms Webui
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-48770 HIGH This Week

An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-25622 MEDIUM POC PATCH This Month

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure H2O
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-5005 MEDIUM POC This Month

An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-47506 HIGH This Week

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2024-47494 HIGH This Week

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.2
EPSS
0.4%
CVE-2024-47491 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.2
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy