Skip to main content
CVE-2024-49681 CRITICAL Emergency

SQL injection in the WP Sessions Time Monitoring Full Automatic WordPress plugin (versions up to and including 1.0.9) allows remote unauthenticated attackers to inject crafted SQL into backend queries, exposing sensitive WordPress database contents and degrading availability. No public exploit identified at time of analysis, but the EPSS percentile of 98% (51.33% probability) places this in the top tier of vulnerabilities likely to be exploited in the next 30 days.

SQLi
NVD VulDB
CVSS 3.1
9.3
EPSS
51.3%
CVE-2024-46478 CRITICAL POC PATCH Act Now

HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Htmldoc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-47883 CRITICAL POC PATCH Act Now

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF RCE Path Traversal XSS Butterfly
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2024-47881 HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Openrefine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-47879 HIGH POC PATCH This Week

OpenRefine is a free, open source tool for working with messy data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection CSRF Python RCE Openrefine
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-45262 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-48208 HIGH POC This Week

pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Pure Ftpd
NVD GitHub
CVSS 3.1
8.6
EPSS
1.5%
CVE-2024-45261 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware B3000 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-45260 HIGH POC This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mt6000 Firmware B1300 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.0
EPSS
3.9%
CVE-2024-48423 HIGH POC This Week

An issue in assimp v.5.4.3 allows a local attacker to execute arbitrary code via the CallbackToLogRedirector function within the Assimp library. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Assimp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-49359 HIGH POC This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-49357 HIGH POC THREAT This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
20.6%
CVE-2024-48931 HIGH POC This Week

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal Zimaos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6049 HIGH POC This Week

The web server of Lawo AG vsm LTC Time Sync (vTimeSync) is affected by a "..." (triple dot) path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2024-47880 MEDIUM POC PATCH This Month

OpenRefine is a free, open source tool for working with messy data. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Openrefine
NVD GitHub
CVSS 3.1
6.9
EPSS
0.4%
CVE-2024-10335 MEDIUM POC This Month

A vulnerability was found in SourceCodester Garbage Collection Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Garbage Collection Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-45259 MEDIUM POC This Month

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mt3000 Firmware Mt2500 Firmware Axt1800 Firmware Ax1800 Firmware +17
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-6826 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-48426 MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Execute function in the Assimp library during fuzz testing with AddressSanitizer. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-47882 MEDIUM POC PATCH This Month

OpenRefine is a free, open source tool for working with messy data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openrefine
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-47878 MEDIUM POC PATCH This Month

OpenRefine is a free, open source tool for working with messy data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openrefine
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-48538 CRITICAL Act Now

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-48539 CRITICAL Act Now

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-41618 CRITICAL Act Now

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-41617 CRITICAL Act Now

Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48514 CRITICAL PATCH Act Now

php-heic-to-jpg <= 1.0.5 is vulnerable to code injection (fixed in 1.0.6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-48425 MEDIUM POC This Month

A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-48424 MEDIUM POC This Month

A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-8312 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-44206 CRITICAL Act Now

An issue in the handling of URL protocols was addressed with improved logic. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +3
NVD VulDB
CVSS 3.1
9.3
EPSS
0.5%
CVE-2024-49358 MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zimaos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-10349 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10348 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best House Rental Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-48932 MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zimaos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-48548 CRITICAL Act Now

The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-10331 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Vehicle Record System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10350 MEDIUM POC This Month

A vulnerability was found in code-projects Hospital Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-48145 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Netangular Technologies ChatNet AI Version v1.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48144 CRITICAL Act Now

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-48143 CRITICAL Act Now

A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-10338 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clothes Recommendation System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10337 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Clothes Recommendation System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-45263 HIGH This Week

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mt6000 Firmware Mt3000 Firmware Mt2500 Firmware Axt1800 Firmware +17
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-48427 HIGH This Week

A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Packers And Movers Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-48441 HIGH This Week

Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETS_v3.2.468.11.04_P4 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-48440 HIGH This Week

Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component at_command.asp. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-10313 HIGH This Week

iniNet Solutions SpiderControl SCADA PC HMI Editor has a path traversal vulnerability. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.6
EPSS
0.5%
CVE-2024-48544 HIGH This Week

Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48547 HIGH This Week

Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-48546 HIGH This Week

Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy