Skip to main content
CVE-2024-51793 CRITICAL POC THREAT Emergency

Unrestricted file upload in Ateeq Rafeeq's RepairBuddy (computer-repair-shop) WordPress plugin versions up to and including 3.8115 allows remote unauthenticated attackers to upload arbitrary files including web shells, leading to full server compromise. Publicly available exploit code exists, and the EPSS score of 45.04% (98th percentile) indicates a high likelihood of exploitation activity. The maximum CVSS score of 10.0 reflects scope change and complete confidentiality, integrity, and availability impact.

File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
45.0%
Threat
4.9
CVE-2024-51788 CRITICAL Emergency

Unrestricted file upload in Joshua Wolfe's The Novel Design Store Directory plugin (versions up to and including 4.3.0) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. With a maximum CVSS of 10.0, scope change, and an EPSS of 56.19% (98th percentile), this is among the highest-risk WordPress plugin issues; no public exploit is identified at time of analysis but exploitation probability is extremely elevated. Reported by Patchstack, the flaw enables direct arbitrary code execution against any site running the affected plugin.

File Upload
NVD
CVSS 3.1
10.0
EPSS
56.2%
CVE-2024-51791 CRITICAL POC Act Now

Unrestricted file upload in the Made I.T. Forms WordPress plugin (forms-by-made-it) through version 2.8.0 enables remote unauthenticated attackers to upload arbitrary files, including PHP web shells, leading to full server compromise. With a maximum CVSS score of 10.0 and changed scope, the issue affects all installations up to and including 2.8.0; publicly available exploit code exists, though EPSS sits at 0.75% (73rd percentile) indicating moderate observed activity rather than mass exploitation.

File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-52533 CRITICAL POC Act Now

gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Debian Linux Active Iq Unified Manager Ontap Tools
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-50667 CRITICAL POC Act Now

The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 820Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
6.5%
CVE-2024-50989 CRITICAL POC Act Now

A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Marriage Registration System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-51490 CRITICAL POC Act Now

Ampache is a web based audio/video streaming application and file manager. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ampache
NVD GitHub
CVSS 3.1
9.0
EPSS
0.5%
CVE-2024-11061 HIGH POC This Week

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac10 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-51486 HIGH POC This Week

Ampache is a web based audio/video streaming application and file manager. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ampache
NVD GitHub
CVSS 3.1
8.4
EPSS
0.5%
CVE-2024-51186 HIGH POC This Week

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE Dir 820L Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-52530 HIGH POC This Week

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Libsoup
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-51748 HIGH POC This Week

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Kanboard
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-51747 HIGH POC This Week

Kanboard is project management software that focuses on the Kanban methodology. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kanboard
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-11077 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-52531 MEDIUM POC This Month

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libsoup
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-50990 MEDIUM POC This Month

A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Marriage Registration System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-51792 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-51790 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-51789 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server.0.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-50636 CRITICAL Act Now

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-25255 CRITICAL Act Now

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-25254 CRITICAL Act Now

SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Superscan
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-44546 CRITICAL Act Now

Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Powerjob
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-36061 CRITICAL Act Now

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ews356 Fit Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-51135 CRITICAL Act Now

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS XXE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-11068 CRITICAL Act Now

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Information Disclosure Dsl6740C Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-11020 CRITICAL Act Now

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webopac
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-11018 CRITICAL Act Now

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-11016 CRITICAL Act Now

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webopac
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-51489 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51488 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51487 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51485 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-51484 MEDIUM POC This Month

Ampache is a web based audio/video streaming application and file manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Ampache
NVD GitHub
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11078 MEDIUM POC This Month

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11076 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11074 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11073 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11070 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11059 MEDIUM POC This Month

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Free Download Online Shopping System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-46962 CRITICAL Act Now

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-51190 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51189 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51188 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51187 MEDIUM POC This Month

TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XSS Tew 651Br Firmware Tew 652Brp Firmware Tew 652Bru Firmware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-51054 MEDIUM POC This Month

A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Online Marriage Registration System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-50991 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS User Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-11017 HIGH This Week

Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-41992 HIGH This Week

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-10345 HIGH This Week

In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy