Skip to main content
CVE-2024-49778 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-49777 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-41209 HIGH POC This Week

A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9186 HIGH POC This Week

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Funnelkit Automations
NVD WPScan
CVSS 3.1
8.6
EPSS
2.2%
CVE-2024-3379 HIGH POC PATCH This Week

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-50968 HIGH POC This Week

A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Agri Trading Online Shopping System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5125 HIGH POC PATCH This Week

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

XSS Open Redirect Lollms Webui
NVD GitHub
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-50831 HIGH POC This Week

A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50830 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50829 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50828 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50827 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50826 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50825 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-50824 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-50835 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-50834 HIGH POC This Week

A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-50832 HIGH POC This Week

A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Learning Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-5082 HIGH POC This Week

A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2.15.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 4.0
7.1
EPSS
2.0%
CVE-2024-10962 HIGH PATCH This Week

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Information Disclosure PHP Migration Backup Staging
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-9693 HIGH This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Kubernetes
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52302 HIGH POC This Week

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Java File Upload
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
3.2%
CVE-2024-9472 HIGH This Week

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Paloalto Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-2551 HIGH This Week

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Paloalto Denial Of Service Pan Os
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-2550 HIGH This Week

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Paloalto Denial Of Service Pan Os
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-52371 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2024-52381 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2024-10394 HIGH This Week

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openafs
NVD
CVSS 4.0
8.4
EPSS
0.2%
CVE-2024-11136 HIGH This Week

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
8.2
EPSS
0.2%
CVE-2024-3502 HIGH PATCH This Week

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-3501 HIGH PATCH This Week

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lunary
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-10921 HIGH This Week

An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-45670 HIGH This Week

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Soar
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2024-7730 HIGH This Week

A heap buffer overflow was found in the virtio-snd device in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Qemu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-10397 HIGH This Week

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Memory Corruption Openafs
NVD
CVSS 4.0
7.7
EPSS
0.4%
CVE-2024-52378 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-52383 HIGH This Week

Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-3760 HIGH PATCH This Week

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Lunary
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-9633 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-47916 HIGH This Week

Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-47915 HIGH This Week

VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45254 HIGH This Week

VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-45253 HIGH This Week

Avigilon - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-11206 HIGH This Week

Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-37285 HIGH PATCH This Week

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Elastic Kibana
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-51659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-51658 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-51687 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS.ly Official: from n/a through <= 1.1.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-51684 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS.8.6. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-51688 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS.10.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy