Skip to main content
CVE-2024-48237 CRITICAL POC Act Now

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wtcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48581 CRITICAL POC Act Now

File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE File Upload Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-48580 CRITICAL POC Act Now

SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48579 CRITICAL POC Act Now

SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE SQLi Best House Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48428 CRITICAL POC Act Now

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Olivevle
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-49753 CRITICAL POC PATCH Act Now

Zitadel is open-source identity infrastructure software. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-49380 HIGH POC PATCH This Week

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Plenti
NVD GitHub
CVSS 4.0
8.9
EPSS
2.8%
CVE-2024-48655 HIGH POC This Week

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Total Js
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-49381 HIGH POC PATCH This Week

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Plenti
NVD GitHub
CVSS 4.0
7.7
EPSS
0.8%
CVE-2024-48230 HIGH POC This Week

funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-48226 HIGH POC This Week

Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-48223 HIGH POC This Week

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-48222 HIGH POC This Week

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-48218 HIGH POC This Week

Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-10370 MEDIUM POC This Month

A vulnerability was found in Codezips Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10369 MEDIUM POC This Month

A vulnerability was found in Codezips Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-10368 MEDIUM POC This Month

A vulnerability was found in Codezips Sales Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Sales Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-48236 MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Ofcms
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-48235 MEDIUM POC This Month

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Java RCE Ofcms
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-48225 MEDIUM POC This Month

Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Funadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-48743 MEDIUM POC This Month

Cross Site Scripting vulnerability in Sentry v.6.0.9 allows a remote attacker to execute arbitrary code via the z parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Sentry
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48343 MEDIUM POC This Month

A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Cdg
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-48228 MEDIUM POC This Month

An issue was found in funadmin 5.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Funadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48204 CRITICAL Act Now

SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-9302 CRITICAL PATCH Act Now

The App Builder - Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Apple WordPress Google App Builder
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-47406 CRITICAL Act Now

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass E Studio1058 Firmware E Studio1208 Firmware E Studio908 Firmware Bp 90C70 Firmware +316
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-9488 CRITICAL PATCH Act Now

The Comments - wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wpdiscuz
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-10386 CRITICAL Act Now

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Thinmanager
NVD
CVSS 4.0
9.3
EPSS
16.6%
CVE-2024-10381 CRITICAL Act Now

This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cosec Vega Faxq Firmware
NVD
CVSS 4.0
9.3
EPSS
0.8%
CVE-2024-10379 MEDIUM POC This Month

A vulnerability classified as problematic was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10378 MEDIUM POC This Month

A vulnerability classified as critical has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10377 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10376 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10371 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Payroll Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10353 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Online Exam System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10355 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Petrol Pump Management
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
1.0%
CVE-2024-48232 MEDIUM POC This Month

An issue was found in mipjz 5.0.5. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mipjz
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48227 MEDIUM POC This Month

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Funadmin
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-48224 MEDIUM POC This Month

Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Funadmin
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-49757 MEDIUM POC PATCH This Month

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Zitadel
NVD GitHub
CVSS 3.1
4.9
EPSS
2.6%
CVE-2024-48239 MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wtcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-48233 MEDIUM POC This Month

mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mipjz
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37847 HIGH This Week

An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload Mango Mangoapi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-47014 HIGH This Week

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-9598 HIGH PATCH This Week

The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Accelerated Mobile Pages
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-9235 HIGH PATCH This Week

The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Mapster Wp Maps
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-48238 MEDIUM POC This Month

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wtcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-10387 HIGH This Week

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Thinmanager
NVD
CVSS 4.0
8.7
EPSS
8.0%
CVE-2024-10351 HIGH This Week

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow Rx9 Pro Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
0.8%
CVE-2024-10011 HIGH This Week

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal Buddypress
NVD GitHub
CVSS 3.1
8.1
EPSS
1.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy