Skip to main content
CVE-2024-10924 CRITICAL POC PATCH THREAT Act Now

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Really Simple Security
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
81.7%
CVE-2024-50649 CRITICAL POC Act Now

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Python Book
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-50648 CRITICAL POC Act Now

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Yshopmall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-10443 CRITICAL POC THREAT Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Synology Photos Beephotos
NVD
CVSS 3.1
9.8
EPSS
28.4%
CVE-2024-11120 CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Vs12 Firmware Gv Vs11 Firmware Gv Dsp Lpr Firmware Gvlx 4 Firmware
NVD
CVSS 3.1
9.8
EPSS
28.6%
CVE-2024-51164 CRITICAL POC Act Now

Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jepaas
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-44625 HIGH POC PATCH THREAT This Week

Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gogs
NVD
CVSS 3.1
8.8
EPSS
14.9%
CVE-2024-11248 HIGH POC This Week

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac10 Firmware
NVD VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2024-11237 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Vn020 F3V T Firmware
NVD GitHub VulDB Exploit-DB
CVSS 4.0
8.7
EPSS
5.2%
CVE-2024-51141 HIGH POC This Week

An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE A6000Ub Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-24431 HIGH POC This Week

A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-50654 HIGH POC This Week

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lilishop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2024-50653 HIGH POC This Week

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crmeb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-50650 HIGH POC This Week

python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Python Book
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-50986 HIGH POC This Week

An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Clementine
NVD GitHub
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-11258 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11257 MEDIUM POC This Month

A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-11256 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-11243 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shop Store
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11241 MEDIUM POC This Month

A vulnerability was found in code-projects Job Recruitment 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Job Recruitment
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-11238 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Landray Ekp
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
5.6%
CVE-2024-9529 MEDIUM POC This Month

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure PHP Advanced Custom Fields
NVD WPScan
CVSS 3.1
6.6
EPSS
0.4%
CVE-2024-50651 MEDIUM POC This Month

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java Shop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1240 MEDIUM POC PATCH This Month

An open redirection vulnerability exists in pyload/pyload version 0.5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Pyload
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-0787 MEDIUM POC PATCH This Month

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass PHP Phpipam
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-10104 MEDIUM POC This Month

The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jobs For Wordpress
NVD WPScan
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-44758 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Nus M9 Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-45971 CRITICAL PATCH Act Now

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-45970 CRITICAL PATCH Act Now

Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libiec61850
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-50724 CRITICAL Act Now

KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-51142 MEDIUM POC This Month

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Chamilo Lms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-50655 MEDIUM POC This Month

emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-52526 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51497 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51496 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51495 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51494 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-50352 MEDIUM POC PATCH THREAT This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
36.7%
CVE-2024-50351 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-50350 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49764 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49759 MEDIUM POC PATCH This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-49754 MEDIUM POC PATCH THREAT This Month

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
69.8%
CVE-2024-1097 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webcalendar
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-51037 MEDIUM POC This Month

An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kodbox
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-11259 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11251 MEDIUM POC This Month

A vulnerability was found in erzhongxmu Jeewms up to 20241108. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeewms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-11250 MEDIUM POC This Month

A vulnerability was found in code-projects Inventory Management up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Inventory Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-52528 CRITICAL Act Now

Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2024-11247 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy