Skip to main content
CVE-2024-51366 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51367 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-11320 MEDIUM POC THREAT This Month

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
CVSS 4.0
6.9
EPSS
91.2%
CVE-2024-52803 CRITICAL POC PATCH Act Now

LLama Factory enables fine-tuning of large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection Llama Factory
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2024-51151 CRITICAL POC THREAT Act Now

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.7%
CVE-2024-51364 HIGH POC This Week

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-53334 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A810R Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-48288 HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
10.3%
CVE-2024-48286 HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
12.4%
CVE-2024-53335 HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A810R Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-10400 HIGH POC PATCH THREAT This Week

The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Tutor Lms
NVD
CVSS 3.1
7.5
EPSS
82.5%
CVE-2024-28027 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
7.5%
CVE-2024-28026 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
5.8%
CVE-2024-28025 HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
7.5%
CVE-2024-21786 HIGH POC THREAT This Week

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
CVSS 3.1
7.2
EPSS
10.5%
CVE-2024-11592 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-11591 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-11590 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bookstore Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-53333 MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
18.9%
CVE-2024-53425 MEDIUM POC This Month

A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Assimp
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-8525 CRITICAL Act Now

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
10.0
EPSS
1.4%
CVE-2024-29224 CRITICAL Act Now

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2024-28892 CRITICAL Act Now

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2024-21855 CRITICAL Act Now

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gocast
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-11596 MEDIUM POC This Month

ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-52052 CRITICAL Act Now

Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Streaming Engine
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2024-10482 MEDIUM POC This Month

The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Media Library Tools
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-11589 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-11587 MEDIUM POC This Month

A vulnerability was found in idcCMS 1.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Idccms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-11588 MEDIUM POC This Month

A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libdoip
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.8%
CVE-2024-30896 CRITICAL POC Act Now

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
5.2%
CVE-2024-52755 MEDIUM POC This Month

D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Memory Corruption Di 8003 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2024-10898 HIGH This Week

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-9768 MEDIUM POC This Month

The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Formidable Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-9600 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2024-5029 MEDIUM POC This Month

The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Cm Table Of Contents
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-52053 HIGH This Week

Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Streaming Engine
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-7517 HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 4.0
8.5
EPSS
0.6%
CVE-2024-8157 MEDIUM POC This Month

The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Alphabetical List
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-11388 MEDIUM This Month

The Dino Game - Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Dino Game Chrome
NVD
CVSS 3.1
6.4
EPSS
9.1%
CVE-2024-52055 HIGH This Week

Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Streaming Engine
NVD
CVSS 4.0
8.2
EPSS
1.0%
CVE-2024-52799 HIGH This Week

Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-9828 MEDIUM POC This Month

The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Taskbuilder
NVD WPScan
CVSS 3.1
4.1
EPSS
0.5%
CVE-2024-11432 MEDIUM This Month

The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.4
EPSS
8.0%
CVE-2024-52289 HIGH PATCH This Week

authentik is an open-source identity provider. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Authentik
NVD GitHub
CVSS 4.0
7.9
EPSS
1.1%
CVE-2024-53095 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Kubernetes Use After Free Memory Corruption Information Disclosure Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7026 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-51337 LOW POC Monitor

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gibbon
NVD GitHub
CVSS 3.1
3.5
EPSS
0.6%
CVE-2024-53432 HIGH This Week

While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53429 HIGH This Week

Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy