Skip to main content
CVE-2024-35426 CRITICAL POC Act Now

vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vmir
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-51211 CRITICAL POC Act Now

SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2024-7982 CRITICAL POC Act Now

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Registrations For The Events Calendar
NVD WPScan
CVSS 3.1
9.6
EPSS
0.7%
CVE-2024-50966 CRITICAL POC Act Now

dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Dingfanzu Cms
NVD GitHub
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-50808 HIGH POC This Week

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Seacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-50634 HIGH POC This Week

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Watcharr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-52009 HIGH POC PATCH This Week

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Atlantis
NVD GitHub
CVSS 4.0
8.5
EPSS
0.7%
CVE-2024-27530 HIGH POC This Week

wasm3 139076a contains a Use-After-Free in ForEachModule. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Wasm3
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-27529 HIGH POC This Week

wasm3 139076a contains memory leaks in Read_utf8. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Wasm3
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-27528 HIGH POC This Week

wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure RCE Wasm3
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-35423 HIGH POC This Week

vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vmir
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-35422 HIGH POC This Week

vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vmir
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25431 HIGH POC PATCH This Week

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-27532 HIGH POC This Week

wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-27527 HIGH POC This Week

wasm3 139076a is vulnerable to Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wasm3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-10998 HIGH POC This Week

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-10996 HIGH POC This Week

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-51152 HIGH POC This Week

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Laravel Cms
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-10995 MEDIUM POC This Month

A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10991 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-10988 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-51055 MEDIUM POC This Month

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Hoosk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-10997 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-11026 MEDIUM POC This Month

A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Java Google Freenow
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.6%
CVE-2024-35420 MEDIUM POC This Month

wac commit 385e1 was discovered to contain a heap overflow. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wac
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-35418 MEDIUM POC This Month

wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wac
NVD GitHub
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-35410 MEDIUM POC This Month

wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wac
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-48073 CRITICAL Act Now

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-45764 CRITICAL Act Now

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-50588 CRITICAL Act Now

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-35425 MEDIUM POC This Month

vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vmir
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35424 MEDIUM POC This Month

vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vmir
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35421 MEDIUM POC This Month

vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vmir
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-35419 MEDIUM POC This Month

wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-10994 MEDIUM POC This Month

A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-10993 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Online Institute Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-10990 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Veterinary Appointment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-10989 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects E-Health Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-10987 MEDIUM POC This Month

A vulnerability was found in code-projects E-Health Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Health Care System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-50811 CRITICAL Act Now

hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-11000 MEDIUM POC This Month

A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-10999 MEDIUM POC This Month

A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-52002 HIGH This Week

Combodo iTop is a simple, web based IT Service Management tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-50809 HIGH This Week

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24409 HIGH POC This Week

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Admanager Plus
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
3.9%
CVE-2024-52004 HIGH This Week

MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-51157 MEDIUM POC This Month

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF 07flycms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-52007 HIGH PATCH This Week

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
8.6
EPSS
0.9%
CVE-2024-51998 HIGH PATCH This Week

changedetection.io is a free open source web page change detection tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-51997 HIGH This Week

Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy