Skip to main content
CVE-2024-10571 CRITICAL POC THREAT Emergency

The Chartify - WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
9.8
EPSS
87.0%
Threat
6.1
CVE-2024-52375 CRITICAL Emergency

Unrestricted file upload in the Datasets Manager by Arttia Creative WordPress plugin (versions up to and including 1.5) allows remote unauthenticated attackers to upload arbitrary files of dangerous types, leading to full server compromise via webshell execution. With a maximum CVSS score of 10.0, scope-changed impact, and an EPSS score of 54.56% in the 98th percentile, this represents a critical, high-probability exploitation target. No public exploit identified at time of analysis, but the attack surface and ease of weaponization make this an urgent priority.

File Upload
NVD
CVSS 3.1
10.0
EPSS
54.6%
CVE-2024-52380 CRITICAL Emergency

Unrestricted file upload in softpulseinfotech Picsmize plugin (versions up to and including 1.0.0) allows remote unauthenticated attackers to upload web shells and achieve full server compromise. CVSS 10.0 with a scope-changed vector reflects the severity, and the EPSS score of 54.26% (98th percentile) indicates elevated likelihood of exploitation attempts, though no public exploit identified at time of analysis.

File Upload
NVD
CVSS 3.1
10.0
EPSS
54.3%
CVE-2024-50823 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4343 CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-50833 CRITICAL POC Act Now

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-49362 CRITICAL POC PATCH Act Now

Joplin is a free, open source note taking and to-do application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Node.js Joplin
NVD GitHub
CVSS 3.1
9.6
EPSS
1.0%
CVE-2024-49778 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-49777 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41209 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9186 HIGH POC This Week

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Funnelkit Automations
NVD WPScan
CVSS 3.1
8.6
EPSS
2.2%
CVE-2024-52382 CRITICAL Act Now

Privilege escalation in medmatech Matix Popup Builder WordPress plugin (versions up to and including 1.0.0) allows remote unauthenticated attackers to gain elevated privileges by abusing missing authorization checks. With a CVSS score of 9.8 and an EPSS score of 13.56% (94th percentile), this represents elevated exploitation risk relative to typical CVEs, though no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2024-3379 HIGH POC PATCH This Week

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-3447 MEDIUM POC PATCH CISA This Month

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Heap Overflow Qemu Hci Compute Node
NVD
CVSS 3.1
6.0
EPSS
0.0%
Threat
4.7
CVE-2024-50968 HIGH POC This Week

A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agri Trading Online Shopping System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5125 HIGH POC PATCH This Week

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

XSS Open Redirect Lollms Webui
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-50831 HIGH POC This Week

A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50830 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50829 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50828 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50827 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50826 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50825 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50824 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-50835 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-50834 HIGH POC This Week

A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-50832 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5082 HIGH POC This Week

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.15.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
7.1
EPSS
2.0%
CVE-2024-49776 MEDIUM POC This Month

A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41217 MEDIUM POC This Month

A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41206 MEDIUM POC This Month

A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Tsmuxer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-11208 MEDIUM POC This Month

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-52379 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server.0.8. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52377 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server.5.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52376 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server.0.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52374 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server.5.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52373 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server.0.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52372 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server.0.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-52370 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.1.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-52369 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server.2.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-52384 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-48967 CRITICAL Act Now

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-48966 CRITICAL Act Now

The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-31695 CRITICAL Act Now

A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-52308 CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2024-52613 MEDIUM POC This Month

A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-4311 MEDIUM POC PATCH This Month

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Zenml
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-50838 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP XSS E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-50837 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-50842 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Learning Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy