Skip to main content
CVE-2024-44812 CRITICAL POC Act Now

SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Complaint Site
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-40494 CRITICAL POC Act Now

Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-40493 CRITICAL POC Act Now

Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference RCE Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31029 HIGH POC This Week

An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Freecoap
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2024-48605 HIGH POC This Week

An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Helakuru
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-48570 HIGH POC This Week

Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Client Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48657 HIGH POC This Week

SQL Injection vulnerability in hospital management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Hospital Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-46483 CRITICAL Act Now

Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48904 CRITICAL Act Now

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro Cloud Edge
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2024-43177 CRITICAL Act Now

IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Concert
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-48708 MEDIUM POC This Month

Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48707 MEDIUM POC This Month

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48706 MEDIUM POC This Month

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-43698 CRITICAL Act Now

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-41717 CRITICAL Act Now

Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-9129 CRITICAL Act Now

In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-8852 MEDIUM POC PATCH This Month

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure All In One Wp Migration
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-48919 CRITICAL Act Now

Cursor is a code editor built for programming with AI. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 4.0
9.2
EPSS
0.5%
CVE-2024-46902 CRITICAL Act Now

A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Deep Discovery Inspector
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2024-26519 CRITICAL Act Now

An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2024-48656 MEDIUM POC This Month

Cross Site Scripting vulnerability in student management system in php with source code v.1.0.0 allows a remote attacker to execute arbitrary code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Student Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-48652 MEDIUM POC This Month

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Camaleon Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2024-46538 MEDIUM POC THREAT This Month

A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD GitHub
CVSS 3.1
4.8
EPSS
77.9%
CVE-2024-45518 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF RCE XSS Command Injection Collaboration
NVD
CVSS 3.1
8.8
EPSS
20.3%
CVE-2024-46240 MEDIUM POC This Month

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Collabtive
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-38002 HIGH PATCH This Week

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass RCE Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-26273 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26272 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-26271 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-10002 HIGH PATCH This Week

The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Rover Idx
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47819 HIGH PATCH This Week

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-43812 HIGH This Week

Kieback & Peter's DDC4000 series has an insufficiently protected credentials vulnerability, which may allow an unauthenticated attacker with access to /etc/passwd to read the password hashes of all. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.6
EPSS
0.2%
CVE-2024-9987 HIGH This Week

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality.3. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2024-35308 HIGH This Week

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature.3. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pandora Fms
NVD
CVSS 4.0
8.3
EPSS
0.6%
CVE-2024-46482 HIGH This Week

An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS File Upload
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-9050 HIGH This Week

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Code Injection
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-7587 HIGH This Week

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Genesis64 Mc Works64
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-48903 HIGH This Week

An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Deep Security Agent
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-45334 HIGH This Week

Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Antivirus One
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41183 HIGH This Week

Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trend Micro Vpn
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-9677 HIGH This Week

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Uos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-42643 HIGH This Week

Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-39753 HIGH This Week

An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SQLi RCE Trend Micro Apex One
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2024-10234 HIGH This Week

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Keycloak Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2024-9627 HIGH This Week

The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Teplobot
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2024-8901 MEDIUM This Month

The AWS ALB Route Directive Adapter For Istio repo https://github.com/awslabs/aws-alb-route-directive-adapter-for-istio/tree/master provides an OIDC authentication mechanism that was integrated into. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-10125 MEDIUM This Month

The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with the. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft
NVD GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-46903 MEDIUM This Month

A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Trend Micro Deep Discovery Inspector
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2024-48925 MEDIUM PATCH This Month

Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-50311 MEDIUM This Month

A denial of service (DoS) vulnerability was found in OpenShift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openshift Container Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy