Skip to main content
CVE-2024-53268 HIGH POC This Week

Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Code Injection RCE Apple +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-11664 HIGH POC PATCH This Week

A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Enms
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.9%
CVE-2024-53096 HIGH POC PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11650 HIGH POC This Week

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Denial Of Service I9 Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
1.2%
CVE-2024-11673 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bookstore Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-11663 MEDIUM POC This Month

A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP E Commerce Site
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-11649 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11648 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11647 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-11646 MEDIUM POC This Month

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-10709 MEDIUM POC This Month

The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yadisk Files
NVD WPScan
CVSS 3.1
6.8
EPSS
0.7%
CVE-2024-50672 CRITICAL POC Act Now

A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-53255 MEDIUM POC PATCH This Month

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Boidcms
NVD GitHub
CVSS 4.0
5.3
EPSS
0.9%
CVE-2024-11661 MEDIUM POC This Month

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Free Exam Hall Seating Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-11660 MEDIUM POC This Month

A vulnerability was found in code-projects Farmacia 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Farmacia
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-52787 CRITICAL Act Now

An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-11659 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11658 MEDIUM POC THREAT This Month

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11657 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11656 MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11655 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.5%
CVE-2024-11654 MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11653 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
27.8%
CVE-2024-11652 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens500 Ac Firmware Ens620Ext Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
28.9%
CVE-2024-11651 MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware Ens500 Ac Firmware
NVD VulDB
CVSS 4.0
5.1
EPSS
26.2%
CVE-2024-6393 MEDIUM POC This Month

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nextgen Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-52811 HIGH This Week

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2024-53554 HIGH This Week

A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-53098 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8272 HIGH This Week

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7915 HIGH This Week

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-7056 LOW POC Monitor

The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpforms
NVD WPScan
CVSS 3.1
3.5
EPSS
0.5%
CVE-2024-10710 LOW POC Monitor

The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yadisk Files
NVD WPScan
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-53916 HIGH PATCH This Week

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-45756 HIGH This Week

An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-45755 HIGH This Week

An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-53099 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-53258 HIGH PATCH This Week

Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Autolab
NVD GitHub
CVSS 4.0
7.1
EPSS
0.5%
CVE-2024-27134 HIGH PATCH This Week

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. Rated high severity (CVSS 7.0). This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Mlflow
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2024-10270 MEDIUM PATCH This Month

A vulnerability was found in the Keycloak-services package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-53597 MEDIUM This Month

masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-53556 MEDIUM This Month

An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-10451 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2024-52529 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2024-53101 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-53097 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc:. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-53599 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-32468 MEDIUM PATCH This Month

Deno is a runtime for JavaScript and TypeScript written in rust. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-11671 MEDIUM This Month

Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-11670 MEDIUM This Month

Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy