Skip to main content
CVE-2024-50526 CRITICAL POC Act Now

Unrestricted file upload in the Multi Purpose Mail Form WordPress plugin (versions through 1.0.2) by Lindeni Mahlalela allows unauthenticated remote attackers to upload arbitrary files including web shells, yielding full server compromise. CVSS is 10.0 with scope change, and publicly available exploit code exists; EPSS sits at 1.14% (78th percentile), indicating moderate but not yet widespread automated exploitation interest.

File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
1.1%
CVE-2024-48061 CRITICAL POC Act Now

langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Langflow
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-48050 CRITICAL POC PATCH Act Now

In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Agentscope
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51327 CRITICAL POC Act Now

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51136 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Openimaj
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-30616 HIGH POC PATCH This Week

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51329 HIGH POC This Week

A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Agile Board
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-51665 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Noor Alam Magical Addons For Elementor magical-addons-for-elementor allows Server Side Request Forgery.2.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

SSRF Elementor
NVD
CVSS 3.1
4.9
EPSS
35.4%
CVE-2024-51326 HIGH POC This Week

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP RCE Travel Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-48809 HIGH POC This Week

An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Onos A1T Sdran In A Box
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-51127 HIGH POC This Week

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hornetq
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2024-45164 HIGH POC This Week

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Secure Internet Access Enterprise Threatavert
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-10750 HIGH POC This Week

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Tenda Denial Of Service I22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.8%
CVE-2024-10791 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10761 MEDIUM POC PATCH This Month

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Umbraco Cms
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-10758 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP News Buzz Content Management System
NVD Exploit-DB GitHub VulDB
CVSS 4.0
6.9
EPSS
1.4%
CVE-2024-10752 MEDIUM POC This Month

A vulnerability was found in Codezips Pet Shop Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pet Shop Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-34885 MEDIUM POC This Month

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitrix24
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-34891 MEDIUM POC This Month

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitrix24
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2024-48052 MEDIUM POC This Month

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Gradio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-48463 MEDIUM POC PATCH This Month

Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Microsoft Bruno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-51408 MEDIUM POC This Month

AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Appsmith
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-50525 CRITICAL Act Now

Unrestricted file upload in the Helloprint WordPress plugin (versions through 2.0.4) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. The CVSS 10.0 score reflects network-reachable, no-auth exploitation with scope change and full CIA impact, though no public exploit has been identified at time of analysis and EPSS remains modest at 1.23% (79th percentile).

File Upload
NVD
CVSS 3.1
10.0
EPSS
1.2%
CVE-2024-50531 CRITICAL Act Now

Unrestricted file upload in the RSVPMaker for Toastmasters WordPress plugin (versions through 6.2.4) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. The CVSS 10.0 score reflects scope change with complete confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and EPSS remains modest at 0.89% (75th percentile).

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-50527 CRITICAL Act Now

Unrestricted file upload in the Stacks Mobile App Builder WordPress plugin (versions up to and including 5.2.3) permits remote unauthenticated attackers to upload arbitrary files, including web shells, to vulnerable WordPress sites. The CVSS 10.0 score with a scope-changed vector reflects full compromise potential of the underlying web server, though no public exploit has been identified at time of analysis and the EPSS score of 0.89% (75th percentile) suggests no widespread exploitation observed yet.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-50523 CRITICAL Act Now

Unrestricted file upload in the RainbowLink All Post Contact Form WordPress plugin (versions up to and including 1.8.2) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. The CVSS 10.0 score with scope change (S:C) indicates the impact extends beyond the vulnerable component to the underlying WordPress host. No public exploit identified at time of analysis, and EPSS of 0.89% (75th percentile) suggests moderate but not yet widespread exploitation interest.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-48059 MEDIUM POC This Month

gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chuanhuchatgpt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-48057 MEDIUM POC This Month

localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Localai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-30618 MEDIUM POC PATCH This Month

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-51328 MEDIUM POC This Month

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Travel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-50530 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Upload a Web Shell to a Web Server.2.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-50529 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in rudrainn Training - Courses training allows Upload a Web Shell to a Web Server.0.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-51501 CRITICAL PATCH Act Now

Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
10.0
EPSS
0.5%
CVE-2024-51661 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.19. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2024-10035 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an. Rated critical severity (CVSS 9.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Coslat
NVD VulDB
CVSS 4.0
9.2
EPSS
1.1%
CVE-2024-30617 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP CSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-10805 MEDIUM POC This Month

A vulnerability was found in code-projects University Event Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Event Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10768 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10766 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Free Exam Hall Seating Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10765 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10764 MEDIUM POC This Month

A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-51561 CRITICAL Act Now

This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aero Wave 2 0
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-51558 CRITICAL Act Now

This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aero Wave 2 0
NVD
CVSS 4.0
9.3
EPSS
0.5%
CVE-2024-10760 MEDIUM POC This Month

A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP University Event Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10759 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Farm Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10757 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10756 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10755 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10754 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10753 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy