Skip to main content
CVE-2024-35584 HIGH POC This Week

SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2024-48411 CRITICAL POC Act Now

itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Tours Travels Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48283 CRITICAL POC Act Now

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection in /admin//search-result.php via the searchkey parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47945 CRITICAL POC Act Now

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Iot Interface Firmware Cmc Iii Processing Units Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48914 CRITICAL POC PATCH THREAT Act Now

Vendure is an open-source headless commerce platform. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
59.8%
CVE-2024-9961 HIGH POC This Week

Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-9957 HIGH POC This Week

Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Memory Corruption Denial Of Service Apple +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-41311 HIGH POC PATCH This Week

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libheif Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-48282 HIGH POC This Week

A SQL Injection vulnerability was found in /password-recovery.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-48280 HIGH POC This Week

A SQL Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers to execute arbitrary SQL command. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-48279 HIGH POC This Week

A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE User Registration Login And User Management System
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2024-9960 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-41344 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Codeigniter 3.1.13 allows attackers to arbitrarily change the Administrator password and escalate privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-9986 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-48622 MEDIUM POC This Month

A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-48714 MEDIUM POC This Month

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48713 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48712 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48710 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48913 MEDIUM POC PATCH This Month

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Hono
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-9486 CRITICAL PATCH Act Now

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Kubernetes Image Builder
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-48782 CRITICAL Act Now

File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-48781 CRITICAL Act Now

An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48779 CRITICAL Act Now

An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-21216 CRITICAL Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Weblogic Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45275 CRITICAL Act Now

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-45274 CRITICAL Act Now

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mbnet Mini Firmware Rex 100 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-9985 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9984 CRITICAL Act Now

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Cloud Database
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-9925 CRITICAL Act Now

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qplant Sf
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-47943 CRITICAL Act Now

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jwt Attack
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9982 CRITICAL Act Now

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-9972 CRITICAL Act Now

Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48278 MEDIUM POC This Month

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF User Registration Login And User Management System
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48624 MEDIUM POC This Month

In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-48623 MEDIUM POC This Month

In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Domainmod
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-9976 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pharmacy Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9975 MEDIUM POC This Month

A vulnerability was found in SourceCodester Drag and Drop Image Upload 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Drag And Drop Image Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9974 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-9973 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10004 CRITICAL Act Now

Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Mozilla Firefox
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-49388 CRITICAL Act Now

Sensitive information manipulation due to improper authorization. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cyber Protect
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-9952 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-21172 CRITICAL Act Now

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Hospitality Opera 5
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-38139 HIGH PATCH This Week

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Dataverse
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9959 HIGH This Week

Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-9955 HIGH This Week

Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-9954 HIGH This Week

Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2024-21255 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-21254 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy