Skip to main content
CVE-2024-51115 CRITICAL POC Act Now

DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dcme 320 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-51132 CRITICAL POC PATCH Act Now

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-51116 HIGH POC This Week

Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-51382 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass CSRF Jatos
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-51381 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jatos
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-51380 HIGH POC This Week

Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Jatos
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-51379 HIGH POC This Week

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jatos
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2024-10845 HIGH POC This Week

A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-10844 HIGH POC This Week

A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-51358 CRITICAL Act Now

An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-48746 CRITICAL Act Now

An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-48176 CRITICAL Act Now

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-42509 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-10687 CRITICAL PATCH Act Now

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery - Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Contest Gallery
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32870 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.8
EPSS
0.7%
CVE-2024-51739 MEDIUM POC This Month

Combodo iTop is a simple, web based IT Service Management tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2024-10841 MEDIUM POC This Month

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10810 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10809 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10808 MEDIUM POC This Month

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10842 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10840 MEDIUM POC This Month

A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Sekolah
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10807 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-10806 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Hospital Management System 4.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2024-47460 CRITICAL Act Now

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Command Injection Aruba
NVD
CVSS 3.1
9.0
EPSS
1.4%
CVE-2024-7059 HIGH This Week

A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-51740 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-50333 HIGH This Week

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-50332 HIGH This Week

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-49772 HIGH This Week

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-51023 HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-9878 MEDIUM POC PATCH This Month

The Photo Gallery by 10Web - Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Photo Gallery
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-10711 HIGH PATCH This Week

The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Privilege Escalation WordPress CSRF Woocommerce Report
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-9883 MEDIUM POC This Month

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9459 HIGH This Week

Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-7877 MEDIUM POC This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-7876 MEDIUM POC This Month

The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simply Schedule Appointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5578 MEDIUM POC This Month

The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Table Of Contents Plus
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-31998 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-51735 HIGH This Week

Osmedeus is a Workflow Engine for Offensive Security. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-9689 MEDIUM POC This Month

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Post From Frontend
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-10114 HIGH This Week

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress Woocommerce Social Login
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-10097 HIGH PATCH This Week

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Loginizer
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-51240 HIGH This Week

An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-52022 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52021 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52020 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52019 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-52018 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-51024 HIGH This Week

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy