Skip to main content
CVE-2024-44308 HIGH KEV THREAT Act Now

Arbitrary code execution in Apple Safari, iOS/iPadOS, macOS Sequoia, and visionOS occurs when processing maliciously crafted web content, with Apple confirming active exploitation on Intel-based Mac systems. The flaw is confirmed actively exploited (CISA KEV) and carries a CVSS 8.8 score requiring only user interaction (visiting a malicious page) to achieve remote code execution. EPSS at 1.55% (81st percentile) is moderate but the KEV listing signals real-world targeted abuse against Apple's WebKit-based browsing stack.

RCE Apple Intel
NVD VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-44309 MEDIUM KEV THREAT This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Apple Intel XSS
NVD VulDB
CVSS 3.1
6.3
EPSS
1.2%
CVE-2024-52765 CRITICAL POC THREAT Act Now

H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Gr 1800Ax Firmware
NVD
CVSS 3.1
9.8
EPSS
11.2%
CVE-2024-52770 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Dedebiz
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-52771 CRITICAL POC Act Now

DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dedebiz
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2024-52581 HIGH POC PATCH This Week

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Litestar
NVD GitHub
CVSS 4.0
8.2
EPSS
0.8%
CVE-2024-52739 HIGH POC This Week

D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8400 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
9.1%
CVE-2024-48536 HIGH POC This Week

Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Esoft Planner
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-48530 HIGH POC This Week

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Esoft Planner
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-52598 HIGH POC This Week

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF XSS 2fauth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-11494 HIGH POC This Week

**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zyxel P6101C Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-52769 HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedebiz
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-52597 MEDIUM POC PATCH This Month

2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS 2fauth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-9479 CRITICAL Act Now

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2024-9478 CRITICAL Act Now

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
10.0
EPSS
0.4%
CVE-2024-52441 CRITICAL Act Now

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Prototype Pollution
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52443 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in masikonis Geolocator geolocator allows Object Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52440 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52439 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-52442 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-52677 CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-48984 CRITICAL Act Now

An issue was discovered in MBed OS 6.16.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mbed Os
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-10094 CRITICAL Act Now

Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Infinity
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-52702 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mybb
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-52701 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-48535 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48534 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-48531 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Esoft Planner
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-51209 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Client Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-48533 MEDIUM POC This Month

A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Esoft Planner
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-11493 MEDIUM POC This Month

A vulnerability classified as problematic was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11492 MEDIUM POC This Month

A vulnerability classified as problematic has been found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-11491 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11490 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11489 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-11488 MEDIUM POC This Month

A vulnerability was found in 115cms up to 20240807 and classified as problematic.html. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 115Cms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-10127 CRITICAL Act Now

Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Files Server
NVD
CVSS 4.0
9.2
EPSS
0.6%
CVE-2024-33439 CRITICAL Act Now

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-29292 CRITICAL Act Now

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-52725 MEDIUM POC This Month

SemCms v4.8 was discovered to contain a SQL injection vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE SQLi Semcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-52757 MEDIUM POC This Month

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8003 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-52754 MEDIUM POC This Month

D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8003 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-52445 HIGH This Week

Deserialization of Untrusted Data vulnerability in ModelTheme QRMenu Restaurant QR Menu Lite qrmenu-lite allows Object Injection.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-52438 HIGH This Week

Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-52437 HIGH This Week

Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-52446 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection.2.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-51162 HIGH This Week

An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-10913 HIGH This Week

The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-48895 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-52447 HIGH This Week

Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.6.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy