Skip to main content
CVE-2024-51064 CRITICAL POC Act Now

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teachers Record Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-51065 CRITICAL POC Act Now

Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Parlour Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-51482 CRITICAL POC THREAT Act Now

ZoneMinder is a free, open source closed-circuit television software application. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub
CVSS 3.1
9.9
EPSS
36.9%
CVE-2024-48359 CRITICAL POC Act Now

Qualitor v8.24 was discovered to contain a remote code execution (RCE) vulnerability via the gridValoresPopHidden parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Qualitor
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-39332 CRITICAL POC Act Now

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Webswing
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-42835 CRITICAL POC Act Now

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Langflow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-48307 CRITICAL POC THREAT Act Now

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
44.6%
CVE-2024-51063 CRITICAL POC Act Now

Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teachers Record Management System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-51060 CRITICAL POC Act Now

Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Admission System
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-51478 CRITICAL POC PATCH Act Now

YesWiki is a wiki system written in PHP. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yeswiki
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-48311 HIGH POC This Week

Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-39720 HIGH POC PATCH This Week

An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ollama
NVD GitHub
CVSS 3.1
8.2
EPSS
2.5%
CVE-2024-51066 HIGH POC This Week

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Beauty Parlour Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48360 HIGH POC This Week

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Qualitor
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-39722 HIGH POC This Week

An issue was discovered in Ollama before 0.1.46. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ollama
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-39721 HIGH POC This Week

An issue was discovered in Ollama before 0.1.34. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ollama
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-39719 HIGH POC This Week

An issue was discovered in Ollama through 0.3.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ollama
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2024-10600 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
6.3%
CVE-2024-10599 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-10598 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-10561 MEDIUM POC This Month

A vulnerability was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-10557 MEDIUM POC This Month

A vulnerability has been found in code-projects Blood Bank Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10556 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-50802 MEDIUM POC This Month

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Abantecart
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-50801 MEDIUM POC This Month

A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Abantecart
NVD GitHub
CVSS 3.1
6.0
EPSS
0.4%
CVE-2024-42515 CRITICAL Act Now

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
9.9
EPSS
0.5%
CVE-2024-51260 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the acme_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-51255 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest_certificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-48910 CRITICAL PATCH Act Now

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution XSS Dompurify
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-51259 CRITICAL Act Now

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the setup_cacertificate function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-10392 CRITICAL Act Now

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2024-49674 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.2.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2024-50354 MEDIUM POC PATCH This Month

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Deserialization Denial Of Service Gnark
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-10601 MEDIUM POC This Month

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10597 MEDIUM POC This Month

A vulnerability classified as critical has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10596 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10595 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10594 MEDIUM POC This Month

A vulnerability was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-51254 HIGH This Week

DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-43984 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.1.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Podcast Publisher
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-21537 HIGH PATCH This Week

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-10559 MEDIUM POC This Month

A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Airport Booking Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-48200 HIGH This Week

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-43383 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Apache Authentication Bypass Lucene Net
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-7883 LOW POC Monitor

When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Arm Compiler For Embedded Arm Compiler For Embedded Fusa Arm Compiler For Functional Safety Clang
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2024-8185 HIGH PATCH This Week

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hashicorp Denial Of Service Vault Openbao
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-6479 MEDIUM This Month

The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Sip Reviews Shortcode For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-8934 MEDIUM This Month

A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30149 MEDIUM This Month

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appscan Source
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-9165 MEDIUM This Month

The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy