Skip to main content
CVE-2024-47308 MEDIUM POC THREAT This Month

Missing Authorization vulnerability in WPDeveloper Templately templately.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.9%.

Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
40.9%
Threat
4.0
CVE-2024-51252 CRITICAL POC Act Now

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51431 CRITICAL POC Act Now

LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bl Wr1300H Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-43919 CRITICAL POC THREAT Act Now

Access Control vulnerability in YARPP YARPP allows .30.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yet Another Related Posts Plugin
NVD GitHub
CVSS 3.1
9.8
EPSS
43.6%
CVE-2024-7456 CRITICAL POC Act Now

A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lunary
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-28265 CRITICAL POC Act Now

IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ibos
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-51248 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the modifyrow function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51247 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPPo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51245 HIGH POC This Week

In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-51244 HIGH POC This Week

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor3900 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-10662 HIGH POC This Week

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-10661 HIGH POC This Week

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow Ac15 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.1%
CVE-2024-49770 HIGH POC This Week

`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal
NVD GitHub
CVSS 4.0
7.7
EPSS
0.7%
CVE-2024-22733 HIGH POC This Week

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mr200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-48270 HIGH POC This Week

An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oasys
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27524 HIGH POC PATCH This Week

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-51483 MEDIUM POC PATCH This Month

changedetection.io is free, open source web page change detection software. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 4.0
6.9
EPSS
2.3%
CVE-2024-10654 MEDIUM POC This Month

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lr350 Firmware
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.5%
CVE-2024-10608 MEDIUM POC This Month

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Courier Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10607 MEDIUM POC This Month

A vulnerability was found in code-projects Courier Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Courier Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10605 MEDIUM POC This Month

A vulnerability was found in code-projects Blood Bank Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Blood Bank Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2024-51407 MEDIUM POC This Month

Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Floodlight
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-51406 MEDIUM POC This Month

Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Open Sdn Controller
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-43998 CRITICAL Act Now

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blogpoet
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-43980 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fotawp
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43979 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Blockbooster
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43974 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Revivenews
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43929 CRITICAL Act Now

Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jobsearch Wp Job Board
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-43923 CRITICAL Act Now

Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Timetics
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43341 CRITICAL Act Now

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hello Agency
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43323 CRITICAL Act Now

Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.6.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Reviewx
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-43274 CRITICAL Act Now

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Js Help Desk
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-39650 CRITICAL Act Now

Missing Authorization vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Accessing Functionality Not Properly Constrained by ACLs.9.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Pdf Vouchers
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-38748 CRITICAL Act Now

Access Control vulnerability in TheInnovs EleForms allows .9.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eleforms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37470 CRITICAL Act Now

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Woffice
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37463 CRITICAL Act Now

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Crm Perks Forms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-37277 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows Accessing Functionality Not Properly Constrained by ACLs.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paid Memberships Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-37119 CRITICAL Act Now

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.3.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Uncanny Automator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-37094 CRITICAL Act Now

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.2.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Masterstudy Lms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-51377 MEDIUM POC This Month

An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Faveo Helpdesk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-10660 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
5.0%
CVE-2024-10659 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdg
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10658 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10657 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10656 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10655 MEDIUM POC This Month

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10619 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10618 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.10.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10617 MEDIUM POC This Month

A vulnerability classified as critical was found in Tongda OA up to 11.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10616 MEDIUM POC This Month

A vulnerability classified as critical has been found in Tongda OA up to 11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Office Anywhere
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy