Skip to main content
CVE-2024-11056 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac10 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.0%
CVE-2024-11048 HIGH POC This Week

A vulnerability was found in D-Link DI-8003 16.07.16A1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Di 8003 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-11047 HIGH POC This Week

A vulnerability was found in D-Link DI-8003 16.07.16A1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Di 8003 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-11057 MEDIUM POC This Month

A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hospital Appointment System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11055 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-46613 CRITICAL Act Now

WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Weechat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-11054 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Simple Music Cloud Community System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11051 MEDIUM POC This Month

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Hibos
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11050 MEDIUM POC This Month

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hibos
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11046 MEDIUM POC This Month

A vulnerability was found in D-Link DI-8003 16.07.16A1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8003 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
4.2%
CVE-2024-11058 MEDIUM POC This Month

A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-10958 HIGH PATCH This Week

The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection WordPress RCE Wp Photo Album Plus
NVD
CVSS 3.1
7.3
EPSS
1.6%
CVE-2024-51576 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpza AMP Img Shortcode amp-img-shortcode allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51578 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lpagg 3D Presentation 3d-presentation allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51577 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in neville.lugton bpmn.io bpmnio allows Stored XSS.io: from n/a through <= 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51584 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anas2004 Marquee Elementor with Posts marquee-elementor allows DOM-Based XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51581 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicheaddons Restaurant & Cafe Addon for Elementor restaurant-cafe-addon-for-elementor allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51580 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zootemplate Clever Addons for Elementor cafe-lite allows Stored XSS.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elementor
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-51583 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsPoint Kento Ads Rotator kento-ads-rotator allows Stored XSS.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-11049 MEDIUM This Month

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zkbio Time
NVD VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-10265 MEDIUM PATCH This Month

The Form Maker by 10Web - Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Form Maker
NVD
CVSS 3.1
6.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy